DIV-233 - Fixed bug with Ajax data being saved after logout

edivorce/apps/core/middleware/bceid_middleware.py

@@ -28,14 +28,14 @@ class BceidMiddleware(object):
             print("Redirecting " + request.path + " to " + settings.PROXY_BASE_URL, file=sys.stderr)
             return redirect(settings.PROXY_BASE_URL + settings.FORCE_SCRIPT_NAME)
 
-        if not localdev and request.META.get('HTTP_SM_USERDN', '') != '':
+        if not localdev and request.META.get('HTTP_SM_USERDN', False):
 
             # 1. Real BCeID user / logged in
             request.bceid_user = BceidUser(
-                guid=request.META.get('HTTP_SM_USERDN', ''),
+                guid=request.META.get('HTTP_SM_USERDN'),
                 is_authenticated=True,
                 user_type='BCEID',
-                first_name=request.META.get('HTTP_SM_USER', ''),
+                first_name=request.META.get('HTTP_SM_USER'),
                 last_name=''
             )
 
@@ -43,7 +43,7 @@ class BceidMiddleware(object):
 
             # 2. Fake BCeID user / logged in
             request.bceid_user = BceidUser(
-                guid=request.session.get('fake-bceid-guid', ''),
+                guid=request.session.get('fake-bceid-guid'),
                 is_authenticated=True,
                 user_type='FAKE',
                 first_name=request.session.get('login-name',''),
@@ -53,11 +53,8 @@ class BceidMiddleware(object):
         else:
 
             # 3.  Anonymous User / not logged in
-            if request.session.get('anon-guid', False):
-                request.session['anon-guid'] = uuid.uuid4().urn[9:]
-
             request.bceid_user = BceidUser(
-                guid=request.session.get('anon-guid'),
+                guid=None,
                 is_authenticated=False,
                 user_type='ANONYMOUS',
                 first_name='',

edivorce/apps/core/views/api.py

@@ -1,6 +1,7 @@
 from rest_framework import status
 from rest_framework.views import APIView
 from rest_framework.response import Response
+from edivorce.apps.core.utils.question_step_mapping import question_step_mapping
 from edivorce.apps.core.utils.user_response import save_to_session, save_to_db
 from ..models import Question, BceidUser
 from ..serializer import UserResponseSerializer
@@ -12,17 +13,25 @@ class UserResponseHandler(APIView):
             return Response(status=status.HTTP_204_NO_CONTENT)
 
         serializer = UserResponseSerializer(data=request.data)
-
+        question_key = request.data['question']
+        
         try:
-            question = Question.objects.get(pk=request.data['question'])
+            question = Question.objects.get(pk=question_key)
             value = request.data['value']
             if request.bceid_user.is_authenticated:
                 user = BceidUser.objects.get(user_guid=request.bceid_user.guid)
                 save_to_db(serializer, question, value, user)
             else:
+                # only prequalification questions can be answered when you aren't logged into BCeID
+                if not question_key in question_step_mapping['prequalification']:
+                    return Response(data="Not logged in", status=status.HTTP_511_NETWORK_AUTHENTICATION_REQUIRED)
+                
                 save_to_session(request, question, value)
 
         except Question.DoesNotExist:
-            return Response(data="Question: '%s' does not exist" % request.data['question'], status=status.HTTP_400_BAD_REQUEST)
+            return Response(data="Question: '%s' does not exist" % question_key, status=status.HTTP_400_BAD_REQUEST)
+
+        response = Response(status=status.HTTP_200_OK)
+        response['X-Debug-Auth-Type'] = request.bceid_user.type
 
-        return Response(status=status.HTTP_200_OK)
+        return response