corporate: Parse Accept header instead of X-Requested-With.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
committed by
Tim Abbott
parent
721f804736
commit
13bd8771f9
@@ -16,6 +16,7 @@ from corporate.lib.remote_billing_util import (
|
||||
get_remote_server_and_user_from_session,
|
||||
)
|
||||
from zerver.lib.exceptions import RemoteBillingAuthenticationError
|
||||
from zerver.lib.request import get_preferred_type
|
||||
from zerver.lib.subdomains import get_subdomain
|
||||
from zerver.lib.url_encoding import append_url_query_string
|
||||
from zilencer.models import RemoteRealm
|
||||
@@ -123,7 +124,9 @@ def authenticated_remote_realm_management_endpoint(
|
||||
url = append_url_query_string(url, query)
|
||||
|
||||
# Return error for AJAX requests with url.
|
||||
if request.headers.get("x-requested-with") == "XMLHttpRequest": # nocoverage
|
||||
if (
|
||||
get_preferred_type(request, ["application/json", "text/html"]) != "text/html"
|
||||
): # nocoverage
|
||||
return session_expired_ajax_response(url)
|
||||
|
||||
return HttpResponseRedirect(url)
|
||||
@@ -207,7 +210,9 @@ def authenticated_remote_server_management_endpoint(
|
||||
url = append_url_query_string(url, query)
|
||||
|
||||
# Return error for AJAX requests with url.
|
||||
if request.headers.get("x-requested-with") == "XMLHttpRequest": # nocoverage
|
||||
if (
|
||||
get_preferred_type(request, ["application/json", "text/html"]) != "text/html"
|
||||
): # nocoverage
|
||||
return session_expired_ajax_response(url)
|
||||
|
||||
return HttpResponseRedirect(url)
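Review bot: The comment `# Return error for AJAX requests with url.` above both new conditions (in authenticated_remote_realm_management_endpoint and authenticated_remote_server_management_endpoint) no longer describes the check. The branch is now taken whenever the negotiated type is anything other than `text/html`; depending on how get_preferred_type treats a missing or `*/*` Accept header (its body is not visible here), that may include non-browser clients that send no Accept header at all. I would reword it to `# Clients that do not prefer text/html get the session-expired error response instead of a redirect.` and state the intended default for a missing header next to it. The same three-line condition is duplicated in both decorators, so a small shared helper would keep the two from drifting apart. Both function bodies start and end outside the hunks.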
|
||||
|
@@ -500,7 +500,9 @@ class RemoteBillingAuthenticationTest(RemoteRealmBillingTestCase):
|
||||
now + timedelta(seconds=REMOTE_BILLING_SESSION_VALIDITY_SECONDS + 1),
|
||||
tick=False,
|
||||
):
|
||||
result = self.client_get(final_url, subdomain="selfhosting")
|
||||
result = self.client_get(
|
||||
final_url, subdomain="selfhosting", HTTP_ACCEPT="text/html, */*;q=0.8"
|
||||
)
|
||||
|
||||
self.assertEqual(result.status_code, 302)
|
||||
self.assertEqual(
|
||||
@@ -1510,7 +1512,11 @@ class LegacyServerLoginTest(RemoteServerTestCase):
|
||||
hamlet = self.example_user("hamlet")
|
||||
now = timezone_now()
|
||||
# Try to open a page with no auth at all.
|
||||
result = self.client_get(f"/server/{self.uuid}/billing/", subdomain="selfhosting")
|
||||
result = self.client_get(
|
||||
f"/server/{self.uuid}/billing/",
|
||||
subdomain="selfhosting",
|
||||
HTTP_ACCEPT="text/html, */*;q=0.8",
|
||||
)
|
||||
self.assertEqual(result.status_code, 302)
|
||||
# Redirects to the login form with appropriate next_page value.
|
||||
self.assertEqual(result["Location"], "/serverlogin/?next_page=billing")
|
||||
@@ -1534,7 +1540,11 @@ class LegacyServerLoginTest(RemoteServerTestCase):
|
||||
next_page="upgrade",
|
||||
return_without_clicking_confirmation_link=True,
|
||||
)
|
||||
result = self.client_get(f"/server/{self.uuid}/billing/", subdomain="selfhosting")
|
||||
result = self.client_get(
|
||||
f"/server/{self.uuid}/billing/",
|
||||
subdomain="selfhosting",
|
||||
HTTP_ACCEPT="text/html, */*;q=0.8",
|
||||
)
|
||||
self.assertEqual(result.status_code, 302)
|
||||
# Redirects to the login form with appropriate next_page value.
|
||||
self.assertEqual(result["Location"], "/serverlogin/?next_page=billing")
|
||||
@@ -1561,7 +1571,11 @@ class LegacyServerLoginTest(RemoteServerTestCase):
|
||||
now + timedelta(seconds=REMOTE_BILLING_SESSION_VALIDITY_SECONDS + 30),
|
||||
tick=False,
|
||||
):
|
||||
result = self.client_get(f"/server/{self.uuid}/upgrade/", subdomain="selfhosting")
|
||||
result = self.client_get(
|
||||
f"/server/{self.uuid}/upgrade/",
|
||||
subdomain="selfhosting",
|
||||
HTTP_ACCEPT="text/html, */*;q=0.8",
|
||||
)
|
||||
self.assertEqual(result.status_code, 302)
|
||||
self.assertEqual(result["Location"], "/serverlogin/?next_page=upgrade")
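Review bot: Every updated call now sends `HTTP_ACCEPT="text/html, */*;q=0.8"`, so these tests pin only the redirect path. Nothing here exercises the other side of the new Accept-based condition, which is still marked `# nocoverage` in the view-side hunks. Because the header had to be added for the requests to keep returning 302, a request with no Accept header presumably now receives the session-expired error response instead; that default deserves its own assertion. I would add a case that repeats the expired-session request with `HTTP_ACCEPT="application/json"`, and one with no Accept header, each asserting the non-redirect response. The test methods start and end outside the hunks.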
|
||||
|
||||
|