Merge pull request #44 from mypetyak/master

Whitelisting a few non-beta views + enforcing login before Invite validation
joshuakarjala · Mar 10, 2014 · 6a1c1bb · 6a1c1bb
2 parents 9599948 + a996a02
commit 6a1c1bb
Show file tree

Hide file tree

Showing 5 changed files with 14 additions and 2 deletions.
diff --git a/docs/example_app.rst b/docs/example_app.rst
@@ -12,7 +12,7 @@ Clone the repo and run the included example django project::
 Guide
 -----
 
-The example app utlizes a basic configuration with
+The example app utilizes a basic configuration with
 `django-registration
 <https://bitbucket.org/ubernostrum/django-registration>`_ for
 verifying emails. Therefore the list of views in

diff --git a/hunger/middleware.py b/hunger/middleware.py
@@ -58,7 +58,9 @@ def process_view(self, request, view_func, view_args, view_kwargs):
                                'django.contrib.staticfiles.views']
 
         # All hunger views, except NotBetaView, are off limits until in beta
-        whitelisted_views = ['hunger.views.NotBetaView']
+        whitelisted_views = ['hunger.views.NotBetaView',
+                             'hunger.views.verify_invite',
+                             'hunger.views.InvalidView']
 
         short_name = view_func.__class__.__name__
         if short_name == 'function':

diff --git a/hunger/templates/hunger/invalid.html b/hunger/templates/hunger/invalid.html
@@ -0,0 +1 @@
+You have an invalid Invite Code.
diff --git a/hunger/views.py b/hunger/views.py
@@ -5,6 +5,7 @@
 from hunger.utils import setting, now
 from django.views.generic.base import TemplateView
 from django.views.generic.edit import FormView
+from django.contrib.auth.decorators import login_required
 
 
 class InviteView(FormView):
@@ -55,7 +56,9 @@ class InviteSentView(TemplateView):
     template_name = 'hunger/invite_sent.html'
 
 
+@login_required
 def verify_invite(request, code):
+    """Verify new invitee by storing invite code for middleware to validate."""
     response = redirect(setting('HUNGER_VERIFIED_REDIRECT'))
     response.set_cookie('hunger_code', code)
     return response
diff --git a/tests/tests.py b/tests/tests.py
@@ -116,3 +116,9 @@ def test_invite_existing_user_without_email(self):
         response = self.client.get(reverse('invited_only'))
         # Alice should be denied, since she has no connection with email account
         self.assertEqual(response.status_code, 302)
+
+    def test_invalid_code(self):
+        invalid_code = 'XXXXinvalidcodeXXXX'
+        self.client.login(username='alice', password='secret')
+        response = self.client.get(reverse('hunger-verify', args=[invalid_code]), follow=True)
+        self.assertRedirects(response, reverse('hunger-invalid', args=[invalid_code]))