support: Ensure that only one form is posted at a time.

The forms to change plan_type, add discount, scrub_realm etc
all post to the same endpoint.

Our frontend code is written so that only one form posts at a time.
But there should be no harm in enforcing the same in the backend as well.
Vishnu KS
2020-06-10 19:49:41 +05:30
committed by Tim Abbott
parent 4c6350fa4b
commit 1e68525f83
2 changed files with 20 additions and 19 deletions


@@ -643,7 +643,8 @@ class TestSupportEndpoint(ZulipTestCase):
self.assert_in_success_response(["Lear & Co. scrubbed"], result) self.assert_in_success_response(["Lear & Co. scrubbed"], result)
with mock.patch("analytics.views.do_scrub_realm") as m: with mock.patch("analytics.views.do_scrub_realm") as m:
result = self.client_post("/activity/support", {"realm_id": f"{lear_realm.id}"}) with self.assertRaises(AssertionError):
result = self.client_post("/activity/support", {"realm_id": f"{lear_realm.id}"})
m.assert_not_called() m.assert_not_called()
class TestGetChartDataHelpers(ZulipTestCase): class TestGetChartDataHelpers(ZulipTestCase):
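Review bot: The new `with self.assertRaises(AssertionError):` around the `realm_id`-only POST pins a bare `assert` in `support()` as the rejection mechanism. That statement is removed when Python runs with `-O`, so the one-form-at-a-time guarantee from the commit message would stop being enforced without any visible failure. An explicit check in the view, such as `if len(keys) != 2: return HttpResponseBadRequest()` (assuming that class is imported there), survives any interpreter flags and returns a 400 instead of an unhandled exception. The test could then assert `result.status_code == 400` and keep `m.assert_not_called()`. The test method starts outside this hunk.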


@@ -1113,46 +1113,46 @@ def get_confirmations(types: List[int], object_ids: List[int],
def support(request: HttpRequest) -> HttpResponse: def support(request: HttpRequest) -> HttpResponse:
context: Dict[str, Any] = {} context: Dict[str, Any] = {}
if settings.BILLING_ENABLED and request.method == "POST": if settings.BILLING_ENABLED and request.method == "POST":
realm_id = request.POST.get("realm_id", None) # We check that request.POST only has two keys in it: The
# realm_id and a field to change.
keys = set(request.POST.keys())
if "csrfmiddlewaretoken" in keys:
keys.remove("csrfmiddlewaretoken")
assert(len(keys) == 2)
realm_id = request.POST.get("realm_id")
realm = Realm.objects.get(id=realm_id) realm = Realm.objects.get(id=realm_id)
new_plan_type = request.POST.get("plan_type", None) if request.POST.get("plan_type", None) is not None:
if new_plan_type is not None: new_plan_type = int(request.POST.get("plan_type"))
new_plan_type = int(new_plan_type)
current_plan_type = realm.plan_type current_plan_type = realm.plan_type
do_change_plan_type(realm, new_plan_type) do_change_plan_type(realm, new_plan_type)
msg = f"Plan type of {realm.name} changed from {get_plan_name(current_plan_type)} to {get_plan_name(new_plan_type)} " msg = f"Plan type of {realm.name} changed from {get_plan_name(current_plan_type)} to {get_plan_name(new_plan_type)} "
context["message"] = msg context["message"] = msg
elif request.POST.get("discount", None) is not None:
new_discount = request.POST.get("discount", None) new_discount = Decimal(request.POST.get("discount"))
if new_discount is not None:
new_discount = Decimal(new_discount)
current_discount = get_discount_for_realm(realm) current_discount = get_discount_for_realm(realm)
attach_discount_to_realm(realm, new_discount) attach_discount_to_realm(realm, new_discount)
msg = f"Discount of {realm.name} changed to {new_discount} from {current_discount} " msg = f"Discount of {realm.name} changed to {new_discount} from {current_discount} "
context["message"] = msg context["message"] = msg
elif request.POST.get("status", None) is not None:
status = request.POST.get("status", None) status = request.POST.get("status")
if status is not None:
if status == "active": if status == "active":
do_send_realm_reactivation_email(realm) do_send_realm_reactivation_email(realm)
context["message"] = f"Realm reactivation email sent to admins of {realm.name}." context["message"] = f"Realm reactivation email sent to admins of {realm.name}."
elif status == "deactivated": elif status == "deactivated":
do_deactivate_realm(realm, request.user) do_deactivate_realm(realm, request.user)
context["message"] = f"{realm.name} deactivated." context["message"] = f"{realm.name} deactivated."
elif request.POST.get("sponsorship_pending", None) is not None:
sponsorship_pending = request.POST.get("sponsorship_pending", None) sponsorship_pending = request.POST.get("sponsorship_pending")
if sponsorship_pending is not None:
if sponsorship_pending == "true": if sponsorship_pending == "true":
update_sponsorship_status(realm, True) update_sponsorship_status(realm, True)
context["message"] = f"{realm.name} marked as pending sponsorship." context["message"] = f"{realm.name} marked as pending sponsorship."
elif sponsorship_pending == "false": elif sponsorship_pending == "false":
update_sponsorship_status(realm, False) update_sponsorship_status(realm, False)
context["message"] = f"{realm.name} is no longer pending sponsorship." context["message"] = f"{realm.name} is no longer pending sponsorship."
elif request.POST.get("scrub_realm", None) is not None:
scrub_realm = request.POST.get("scrub_realm", None) if request.POST.get("scrub_realm") == "scrub_realm":
if scrub_realm is not None:
if scrub_realm == "scrub_realm":
do_scrub_realm(realm) do_scrub_realm(realm)
context["message"] = f"{realm.name} scrubbed." context["message"] = f"{realm.name} scrubbed."
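Review bot: `assert(len(keys) == 2)` counts the posted fields but never checks that `realm_id` is one of them, or that the other key is a field this view handles. A POST with two change fields and no `realm_id` passes the count and reaches `Realm.objects.get(id=realm_id)` with `None`. A POST with `realm_id` plus an unrecognised key also passes and, as far as the visible branches show, falls through without setting a message. Checking membership as well, e.g. `if "realm_id" not in keys or len(keys) != 2:`, would make the guard match the comment above it. `support()` continues outside this hunk.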