Commit 12185420 authored by Rafael Monnerat's avatar Rafael Monnerat

slapos_subscription_request: Test if invitation token is valid before continue.

parent d26e9520
...@@ -21,4 +21,5 @@ user_input_dict = { ...@@ -21,4 +21,5 @@ user_input_dict = {
return context.SubscriptionRequestModule_requestSubscriptionProxy( return context.SubscriptionRequestModule_requestSubscriptionProxy(
default_email_text, subscription_reference, default_email_text, subscription_reference,
confirmation_required=bool(confirmation_required), confirmation_required=bool(confirmation_required),
user_input_dict=user_input_dict, target_language=target_language, batch_mode=0) token=token, user_input_dict=user_input_dict,
target_language=target_language, batch_mode=0)
...@@ -50,7 +50,7 @@ ...@@ -50,7 +50,7 @@
</item> </item>
<item> <item>
<key> <string>_params</string> </key> <key> <string>_params</string> </key>
<value> <string>name=None, default_email_text=None, subscription_reference=None, amount=0, confirmation_required=True, target_language=None, REQUEST=None, **kw</string> </value> <value> <string>name=None, default_email_text=None, subscription_reference=None, amount=0, token=None, confirmation_required=True, target_language=None, REQUEST=None, **kw</string> </value>
</item> </item>
<item> <item>
<key> <string>id</string> </key> <key> <string>id</string> </key>
......
...@@ -3,24 +3,51 @@ from DateTime import DateTime ...@@ -3,24 +3,51 @@ from DateTime import DateTime
if REQUEST is not None: if REQUEST is not None:
raise Unauthorized raise Unauthorized
portal = context.getPortalObject()
web_site = context.getWebSiteValue()
if token:
raise
error = ""
try:
invitation_token = portal.invitation_token_module[token]
except KeyError:
error = context.Base_translateString("Token not Found")
else:
if invitation_token.getValidationState() != "validated":
error = "Token is invalid or it was already used"
if error:
base_url = web_site.absolute_url()
redirect_url = "%s/#order?name=%s&email=%s&amount=%s&subscription_reference=%s&token=%s&error=%s" % (
base_url,
user_input_dict['name'],
email,
user_input_dict["amount"],
subscription_reference,
token,
error
)
return context.REQUEST.RESPONSE.redirect(redirect_url)
# You always needs a user here # You always needs a user here
person, person_is_new = context.SubscriptionRequest_createUser(email, user_input_dict['name']) person, person_is_new = context.SubscriptionRequest_createUser(email, user_input_dict['name'])
web_site = context.getWebSiteValue()
# Check if user is already exist, otherwise redirect to ask confirmation # Check if user is already exist, otherwise redirect to ask confirmation
if confirmation_required and not person_is_new: if confirmation_required and not person_is_new:
base_url = web_site.absolute_url() base_url = web_site.absolute_url()
redirect_url = "%s/#order_confirmation?name=%s&email=%s&amount=%s&subscription_reference=%s" % (
return context.REQUEST.RESPONSE.redirect(
"%s/#order_confirmation?name=%s&email=%s&amount=%s&subscription_reference=%s" % (
base_url, base_url,
person.getTitle(), person.getTitle(),
person.getDefaultEmailText(), person.getDefaultEmailText(),
user_input_dict["amount"], user_input_dict["amount"],
subscription_reference)) subscription_reference)
if token:
redirect_url += "&token=%s" % token
return context.REQUEST.RESPONSE.redirect(redirect_url)
if target_language is None: if target_language is None:
target_language = context.getPortalObject().Localizer.get_selected_language() target_language = portal.Localizer.get_selected_language()
subscription_request = context.subscription_request_module.newContent( subscription_request = context.subscription_request_module.newContent(
portal_type="Subscription Request", portal_type="Subscription Request",
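Review bot: The bare `raise` directly under `if token:` looks like a debugging leftover and should be dropped: with no active exception it errors out whenever a token is supplied, so the validation after it would never run (indentation is lost in this rendering, so confirm against the file). The check is also skipped entirely when `token` is empty, so if an invitation is meant to be mandatory the script should reject a missing token instead of falling through to `SubscriptionRequest_createUser`. Both redirect URLs interpolate `name`, `email`, `token` and `error` unencoded; quote each value, e.g. `url_quote(token)` from `Products.PythonScripts.standard`, so that a `&` or `#` in the input cannot add or override parameters read by the order page. Nothing visible in the hunk marks the token as used once it passes the `validated` check; the script continues outside the hunk, so verify that it is invalidated in the same transaction that creates the subscription request. The second error string should also go through `Base_translateString`, as the first one does.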
......
...@@ -50,7 +50,7 @@ ...@@ -50,7 +50,7 @@
</item> </item>
<item> <item>
<key> <string>_params</string> </key> <key> <string>_params</string> </key>
<value> <string>email, subscription_reference, confirmation_required=False, user_input_dict=None, target_language=None, batch_mode=True, REQUEST=None</string> </value> <value> <string>email, subscription_reference, confirmation_required=False, token=None, user_input_dict=None, target_language=None, batch_mode=True, REQUEST=None</string> </value>
</item> </item>
<item> <item>
<key> <string>_proxy_roles</string> </key> <key> <string>_proxy_roles</string> </key>
......