From 243c69b231023ddd5dc079aaecb553000757dca9 Mon Sep 17 00:00:00 2001
From: Lance Edgar
Date: Sun, 4 Aug 2019 22:36:58 -0500
Subject: [PATCH] Fix some user feedback form handling sheesh i don't see how this hasn't been more broken for some time now...
---
 tailbone/forms/core.py | 10 ++++++++++
 tailbone/views/common.py | 24 +++++++++++++++++++++---
 2 files changed, 31 insertions(+), 3 deletions(-)
diff --git a/tailbone/forms/core.py b/tailbone/forms/core.py
index c5ce1bb7..f5c2f28e 100644
--- a/tailbone/forms/core.py
+++ b/tailbone/forms/core.py
@@ -923,6 +923,16 @@ class Form(object):
 # https://docs.pylonsproject.org/projects/pyramid/en/latest/api/request.html#pyramid.request.Request.is_xhr
 if self.request.is_xhr:
 controls = self.request.json_body.items()
+
+ # TODO: why in the hell is this necessary? some colander forms
+ # won't validate if a `None` sneaks its way through? note, in
+ # particular this was needed to allow anonymous user feedback
+ controls = [[key, val] for key, val in controls]
+ for i in range(len(controls)):
+ key, value = controls[i]
+ if value is None:
+ controls[i][1] = ''
+
 else:
 controls = self.request.POST.items()
diff --git a/tailbone/views/common.py b/tailbone/views/common.py
index 3dcc057d..084db0e9 100644
--- a/tailbone/views/common.py
+++ b/tailbone/views/common.py
@@ -29,6 +29,7 @@ from __future__ import unicode_literals, absolute_import
 import six
 import rattail
+from rattail.db import model
 from rattail.batch import consume_batch_id
 from rattail.mail import send_email
 from rattail.util import OrderedDict
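Review bot: The `None`-to-`''` rewrite in the `is_xhr` branch of tailbone/forms/core.py runs for every form validated from an XHR request, not only the feedback form its comment names, so a JSON `null` becomes indistinguishable from an empty string for all schemas. If only feedback needs it, the normalisation would be safer in that view or schema; if it stays here, the comment should state that it is global. The index loop unpacks `key` without using it and can be a single line: `controls = [[key, '' if val is None else val] for key, val in controls]`. The enclosing method starts and ends outside the hunk.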
@@ -45,13 +46,28 @@ from tailbone.views import View
 from tailbone.util import set_app_theme
+
+@colander.deferred
+def validate_user(node, kw):
+ session = kw['session']
+ def validate(node, value):
+ import ipdb; ipdb.set_trace()
+ user = session.query(model.User).get(value)
+ if not user:
+ raise colander.Invalid(node, "User not found")
+ return user.uuid
+ return validate
+
+
 class Feedback(colander.Schema):
 """
 Form schema for user feedback.
 """
 referrer = colander.SchemaNode(colander.String())
- user = colander.SchemaNode(forms.types.UserType())
+ user = colander.SchemaNode(colander.String(),
+ # missing=colander.null,
+ validator=validate_user)
 user_name = colander.SchemaNode(colander.String(),
 missing=colander.null)
@@ -161,11 +177,13 @@ class CommonView(View):
 """
 Generic view to handle the user feedback form.
 """
- form = forms.Form(schema=Feedback(), request=self.request)
+ schema = Feedback().bind(session=Session())
+ form = forms.Form(schema=schema, request=self.request)
 if form.validate(newstyle=True):
 data = dict(form.validated)
 if data['user']:
- data['user_url'] = self.request.route_url('users.view', uuid=data['user'].uuid)
+ data['user'] = Session.query(model.User).get(data['user'])
+ data['user_url'] = self.request.route_url('users.view', uuid=data['user'])
 data['client_ip'] = self.request.client_addr
 send_email(self.rattail_config, 'user_feedback', data=data)
 return {'ok': True}
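Review bot: `import ipdb; ipdb.set_trace()` inside `validate` is a leftover debugger breakpoint on a request path and should be deleted before this is merged. While it is there, each feedback submission that reaches the validator either stops the worker at an interactive prompt or fails on the import where ipdb is not installed, and the comment in the core.py hunk suggests this form is meant to accept anonymous submissions. Separately, colander ignores a validator's return value, so `return user.uuid` has no effect. The `user` value also comes from the request body, so the validator only confirms that the named user exists, not that the sender is that user; taking the identity from the authenticated request in the view would close that gap, if the request object exposes it.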
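Review bot: In the feedback view, `uuid=data['user']` now receives the `User` object assigned on the line above, not its UUID, so the generated `user_url` is presumably built from the object's string form. The old line's `.uuid` should be kept: `data['user_url'] = self.request.route_url('users.view', uuid=data['user'].uuid)`. The view also repeats the lookup that `validate_user` already performed, and it mixes `Session()` for the bind with `Session.query` for the second query; using one session handle for both would be clearer. The method's `def` line is outside the hunk.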