From b31b8817c9b2c9a429810c4e59e064c62931244c Mon Sep 17 00:00:00 2001
From: Christopher Bunn
Date: Wed, 26 Feb 2014 22:17:25 -0500
Subject: [PATCH 1/2] Adding InvalidView and verify_invite views to whitelist (user should be able to access these without being in beta). Enforcing login requirements before invitee with new code can be validated. If user is not logged in, she is redirected to auth login page. If auth 'next' feature is used, a successful login will then redirect to VerifiedView view. .gitignor-ing Vagrant settings used for local development Added test scenario for invalid Invite Code
---
 .gitignore | 5 ++++-
 docs/example_app.rst | 2 +-
 hunger/middleware.py | 4 +++-
 hunger/templates/hunger/invalid.html | 1 +
 hunger/views.py | 5 +++++
 tests/tests.py | 6 ++++++
 6 files changed, 20 insertions(+), 3 deletions(-)
 create mode 100644 hunger/templates/hunger/invalid.html
diff --git a/.gitignore b/.gitignore
index dd52f53..e0c2b05 100755
--- a/.gitignore
+++ b/.gitignore
@@ -57,4 +57,7 @@ media/c/m.scss media/c/m.scss
-*.sqlite
\ No newline at end of file
+*.sqlite
+
+vagrant_bootstrap.sh
+Vagrantfile
\ No newline at end of file
diff --git a/docs/example_app.rst b/docs/example_app.rst
index 297141f..bffa7dc 100644
--- a/docs/example_app.rst
+++ b/docs/example_app.rst
@@ -12,7 +12,7 @@ Clone the repo and run the included example django project::
 Guide
 -----
-The example app utlizes a basic configuration with
+The example app utilizes a basic configuration with
 `django-registration `_ for verifying emails. Therefore the list of views in
diff --git a/hunger/middleware.py b/hunger/middleware.py
index 52d8164..7a768b1 100644
--- a/hunger/middleware.py
+++ b/hunger/middleware.py
@@ -58,7 +58,9 @@ def process_view(self, request, view_func, view_args, view_kwargs):
 'django.contrib.staticfiles.views']
 # All hunger views, except NotBetaView, are off limits until in beta
- whitelisted_views = ['hunger.views.NotBetaView']
+ whitelisted_views = ['hunger.views.NotBetaView',
+ 'hunger.views.verify_invite',
+ 'hunger.views.InvalidView']
 short_name = view_func.__class__.__name__
 if short_name == 'function':
diff --git a/hunger/templates/hunger/invalid.html b/hunger/templates/hunger/invalid.html
new file mode 100644
index 0000000..2bd15f6
--- /dev/null
+++ b/hunger/templates/hunger/invalid.html
@@ -0,0 +1 @@
+You have an invalid Invite Code.
\ No newline at end of file
diff --git a/hunger/views.py b/hunger/views.py
index f788002..19d3a78 100644
--- a/hunger/views.py
+++ b/hunger/views.py
@@ -5,6 +5,7 @@ from hunger.utils import setting, now
 from django.views.generic.base import TemplateView
 from django.views.generic.edit import FormView
+from django.contrib.auth.decorators import login_required
 class InviteView(FormView):
@@ -55,7 +56,11 @@ class InviteSentView(TemplateView):
 template_name = 'hunger/invite_sent.html'
+@login_required
 def verify_invite(request, code):
+ """
+ Verify new invitee by storing invite code in cookie for middleware to validate.
+ """
 response = redirect(setting('HUNGER_VERIFIED_REDIRECT'))
 response.set_cookie('hunger_code', code)
 return response
diff --git a/tests/tests.py b/tests/tests.py
index e1a2501..7442b2d 100644
--- a/tests/tests.py
+++ b/tests/tests.py
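Review bot: The comment kept directly above `whitelisted_views` in hunger/middleware.py still reads `# All hunger views, except NotBetaView, are off limits until in beta`, which is no longer true once `verify_invite` and `InvalidView` are exempted from the beta gate. Because this list decides which views skip the gate, I would change it to `# Hunger views reachable before beta access: NotBetaView, verify_invite (login required), InvalidView` so every exemption can be audited in one place. `InvalidView` is exempted with no access check of its own; that looks fine for the static template added in this commit, but it should stay free of user-specific content. process_view's body continues outside the hunk, so how the dotted names are matched against the resolved view is not visible here.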
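Review bot: In hunger/views.py, `verify_invite` copies the invite code from the URL into the `hunger_code` cookie with `response.set_cookie('hunger_code', code)` and sets no cookie attributes, so the code is readable by page scripts and is also sent on plain-HTTP requests. The docstring says only the middleware consumes the value, so `response.set_cookie('hunger_code', code, httponly=True, secure=request.is_secure())` should not break anything. With `@login_required`, an anonymous visitor is redirected to the login page with the verify URL in `next`, which presumably puts the invite code into a query string that can end up in access logs; that is worth documenting next to the login settings. The view still changes state on a GET, and whether the middleware ties the stored code to the logged-in user is not visible in this hunk.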
@@ -116,3 +116,9 @@ def test_invite_existing_user_without_email(self):
 response = self.client.get(reverse('invited_only'))
 # Alice should be denied, since she has no connection with email account
 self.assertEqual(response.status_code, 302)
+
+ def test_invalid_code(self):
+ invalid_code = 'XXXXinvalidcodeXXXX'
+ self.client.login(username='alice', password='secret')
+ response = self.client.get(reverse('hunger-verify', args=[invalid_code]), follow=True)
+ self.assertRedirects(response, reverse('hunger-invalid', args=[invalid_code]))
\ No newline at end of file
From a996a0234a0ad89f91315b6107d5e667dcdbdf06 Mon Sep 17 00:00:00 2001
From: Christopher Bunn
Date: Sun, 9 Mar 2014 18:37:11 -0500
Subject: [PATCH 2/2] Cleaned up one-liner docstring and reverted .gitignore to remove Vagrant references
---
 .gitignore | 5 +----
 hunger/views.py | 4 +---
 2 files changed, 2 insertions(+), 7 deletions(-)
diff --git a/.gitignore b/.gitignore
index e0c2b05..dd52f53 100755
--- a/.gitignore
+++ b/.gitignore
@@ -57,7 +57,4 @@ media/c/m.scss media/c/m.scss
-*.sqlite
-
-vagrant_bootstrap.sh
-Vagrantfile
\ No newline at end of file
+*.sqlite
\ No newline at end of file
diff --git a/hunger/views.py b/hunger/views.py
index 19d3a78..175f7e1 100644
--- a/hunger/views.py
+++ b/hunger/views.py
@@ -58,9 +58,7 @@ class InviteSentView(TemplateView):
 @login_required
 def verify_invite(request, code):
- """
- Verify new invitee by storing invite code in cookie for middleware to validate.
- """
+ """Verify new invitee by storing invite code for middleware to validate."""
 response = redirect(setting('HUNGER_VERIFIED_REDIRECT'))
 response.set_cookie('hunger_code', code)
 return response
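Review bot: The new `test_invalid_code` in tests/tests.py logs alice in before requesting the verify URL, so the access control this commit adds (anonymous users being sent to the login page by `@login_required`) has no test. I would add a sibling case that skips `self.client.login(...)`, requests `reverse('hunger-verify', args=[invalid_code])` without `follow=True`, and checks `self.assertEqual(response.status_code, 302)` with the `Location` header pointing at the login URL rather than at `hunger-invalid`. A logged-in request with a valid code would also pin the success path the commit message describes. The enclosing test class starts outside the hunk.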