From 19d77b736385faef2056bc51e2ee6dcbb9f4e841 Mon Sep 17 00:00:00 2001
From: Mike Olund
Date: Tue, 21 Mar 2017 18:48:14 -0700
Subject: [PATCH] DIV-233 - Fixed bug with Ajax data being saved after logout
---
 .../apps/core/middleware/bceid_middleware.py | 13 +++++--------
 edivorce/apps/core/views/api.py | 17 +++++++++++++----
 2 files changed, 18 insertions(+), 12 deletions(-)
diff --git a/edivorce/apps/core/middleware/bceid_middleware.py b/edivorce/apps/core/middleware/bceid_middleware.py
index 8b63c210..7470f2a4 100644
--- a/edivorce/apps/core/middleware/bceid_middleware.py
+++ b/edivorce/apps/core/middleware/bceid_middleware.py
@@ -28,14 +28,14 @@ class BceidMiddleware(object):
 print("Redirecting " + request.path + " to " + settings.PROXY_BASE_URL, file=sys.stderr)
 return redirect(settings.PROXY_BASE_URL + settings.FORCE_SCRIPT_NAME)
- if not localdev and request.META.get('HTTP_SM_USERDN', '') != '':
+ if not localdev and request.META.get('HTTP_SM_USERDN', False):
 # 1. Real BCeID user / logged in
 request.bceid_user = BceidUser(
- guid=request.META.get('HTTP_SM_USERDN', ''),
+ guid=request.META.get('HTTP_SM_USERDN'),
 is_authenticated=True,
 user_type='BCEID',
- first_name=request.META.get('HTTP_SM_USER', ''),
+ first_name=request.META.get('HTTP_SM_USER'),
 last_name=''
 )
@@ -43,7 +43,7 @@ class BceidMiddleware(object):
 # 2. Fake BCeID user / logged in
 request.bceid_user = BceidUser(
- guid=request.session.get('fake-bceid-guid', ''),
+ guid=request.session.get('fake-bceid-guid'),
 is_authenticated=True,
 user_type='FAKE',
 first_name=request.session.get('login-name',''),
@@ -53,11 +53,8 @@ class BceidMiddleware(object):
 else:
 # 3. Anonymous User / not logged in
- if request.session.get('anon-guid', False):
- request.session['anon-guid'] = uuid.uuid4().urn[9:]
-
 request.bceid_user = BceidUser(
- guid=request.session.get('anon-guid'),
+ guid=None,
 is_authenticated=False,
 user_type='ANONYMOUS',
 first_name='',
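Review bot: With the `''` defaults dropped, `first_name=request.META.get('HTTP_SM_USER')` can now be `None` while `last_name` stays `''`, so anything that concatenates or renders the name has to tolerate `None`; unless BceidUser normalises it, keeping the string default (`first_name=request.META.get('HTTP_SM_USER', '')`) avoids a mixed `None`/`''` contract, and the same question applies to `guid=request.session.get('fake-bceid-guid')` in the next hunk. The `False` default on the new `if` is redundant, because `dict.get` already returns a falsy `None` for a missing key: `if not localdev and request.META.get('HTTP_SM_USERDN'):`. This branch grants an authenticated BCeID identity purely from the `HTTP_SM_USERDN`/`HTTP_SM_USER` request headers, so it relies on the SiteMinder proxy being the only route to the app and on it overwriting those headers; I can't see from this hunk whether `localdev` or the deployment enforces that, so the assumption deserves a comment such as `# Trusts SM_USERDN/SM_USER because requests reach the app only through the SiteMinder proxy, which sets them`. The enclosing method starts before the hunk.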
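Review bot: Anonymous visitors now get `guid=None` instead of a per-session UUID, so any caller that used `request.bceid_user.guid` as a lookup key or in log lines for anonymous users must handle `None`; those callers are outside this hunk, so please confirm. The removed lines are the only visible use of `uuid` in this file, so if nothing else references it the module's `uuid` import is now dead and should be dropped. A one-line comment on the new value would also help the next reader: `# anonymous visitors carry no guid (DIV-233)`. The enclosing method starts before the hunk.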
diff --git a/edivorce/apps/core/views/api.py b/edivorce/apps/core/views/api.py
index f6515bb3..76185af6 100644
--- a/edivorce/apps/core/views/api.py
+++ b/edivorce/apps/core/views/api.py
@@ -1,6 +1,7 @@
 from rest_framework import status
 from rest_framework.views import APIView
 from rest_framework.response import Response
+from edivorce.apps.core.utils.question_step_mapping import question_step_mapping
 from edivorce.apps.core.utils.user_response import save_to_session, save_to_db
 from ..models import Question, BceidUser
 from ..serializer import UserResponseSerializer
@@ -12,17 +13,25 @@ class UserResponseHandler(APIView):
 return Response(status=status.HTTP_204_NO_CONTENT)
 serializer = UserResponseSerializer(data=request.data)
-
+ question_key = request.data['question']
+
 try:
- question = Question.objects.get(pk=request.data['question'])
+ question = Question.objects.get(pk=question_key)
 value = request.data['value']
 if request.bceid_user.is_authenticated:
 user = BceidUser.objects.get(user_guid=request.bceid_user.guid)
 save_to_db(serializer, question, value, user)
 else:
+ # only prequalification questions can be answered when you aren't logged into BCeID
+ if not question_key in question_step_mapping['prequalification']:
+ return Response(data="Not logged in", status=status.HTTP_511_NETWORK_AUTHENTICATION_REQUIRED)
+
 save_to_session(request, question, value)
 except Question.DoesNotExist:
- return Response(data="Question: '%s' does not exist" % request.data['question'], status=status.HTTP_400_BAD_REQUEST)
+ return Response(data="Question: '%s' does not exist" % question_key, status=status.HTTP_400_BAD_REQUEST)
+
+ response = Response(status=status.HTTP_200_OK)
+ response['X-Debug-Auth-Type'] = request.bceid_user.type
- return Response(status=status.HTTP_200_OK)
+ return response
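Review bot: The anonymous-path guard is written `if not question_key in ...`, the non-idiomatic form PEP 8 (E713) flags; write `if question_key not in question_step_mapping['prequalification']:`. HTTP 511 is defined for captive-portal network authentication rather than application login, so clients and intermediaries may treat it unexpectedly; `status.HTTP_401_UNAUTHORIZED` (or `status.HTTP_403_FORBIDDEN`) expresses "not logged in" correctly and DRF defines both constants. `question_key = request.data['question']` now sits outside the `try`, so a request without `question` raises `KeyError` and becomes a 500 instead of a 400 — reading it with `request.data.get('question')` and returning 400 when it is missing would close that gap, and the same already applies to `request.data['value']`. The new `X-Debug-Auth-Type` header tells every client whether the deployment is serving real, fake or anonymous BCeID identities; if it exists only for debugging, emit it only when Django's `DEBUG` setting is on, and confirm that `request.bceid_user.type` is the attribute BceidUser actually exposes, since the middleware constructs it with `user_type=`. The enclosing method starts before the hunk.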