From 3bf644e5de60c2a0cd95aeec371f70224b5f3670 Mon Sep 17 00:00:00 2001
From: neodb dev <neodb@example.org>
Date: Mon, 25 Dec 2023 17:27:31 -0500
Subject: [PATCH] return 405 properly

---
 catalog/views.py         |  8 ++------
 journal/views/profile.py | 12 ++++--------
 journal/views/review.py  |  2 ++
 social/views.py          |  7 +++----
 users/account.py         |  5 ++---
 5 files changed, 13 insertions(+), 21 deletions(-)

diff --git a/catalog/views.py b/catalog/views.py
index 566c1657..af01c72a 100644
--- a/catalog/views.py
+++ b/catalog/views.py
@@ -46,10 +46,9 @@ def retrieve_redirect(request, item_path, item_uuid):
     return redirect(f"/{item_path}/{item_uuid}")
 
 
+@require_http_methods(["GET"])
 @xframe_options_exempt
 def embed(request, item_path, item_uuid):
-    if request.method != "GET":
-        raise BadRequest()
     item = Item.get_by_url(item_uuid)
     if item is None:
         raise Http404()
@@ -69,6 +68,7 @@ def embed(request, item_path, item_uuid):
     )
 
 
+@require_http_methods(["GET"])
 @user_identity_required
 def retrieve(request, item_path, item_uuid):
     # item = get_object_or_404(Item, uid=get_uuid_or_404(item_uuid))
@@ -85,8 +85,6 @@ def retrieve(request, item_path, item_uuid):
         raise Http404()
     if request.headers.get("Accept", "").endswith("json"):
         return redirect(item.api_url)
-    if request.method != "GET":
-        raise BadRequest()
     focus_item = None
     if request.GET.get("focus"):
         focus_item = get_object_or_404(
@@ -264,8 +262,6 @@ def reviews(request, item_path, item_uuid):
 
 @require_http_methods(["GET"])
 def discover(request):
-    if request.method != "GET":
-        raise BadRequest()
     cache_key = "public_gallery"
     gallery_list = cache.get(cache_key, [])
 
diff --git a/journal/views/profile.py b/journal/views/profile.py
index b584a852..c0602cd4 100644
--- a/journal/views/profile.py
+++ b/journal/views/profile.py
@@ -21,8 +21,6 @@ from .common import render_list, target_identity_required
 @require_http_methods(["GET"])
 @target_identity_required
 def profile(request: AuthedHttpRequest, user_name):
-    if request.method != "GET":
-        raise BadRequest()
     target = request.target_identity
     # if user.mastodon_acct != user_name and user.username != user_name:
     #     return redirect(user.url)
@@ -106,13 +104,11 @@ def profile(request: AuthedHttpRequest, user_name):
     )
 
 
+@require_http_methods(["GET"])
+@login_required
+@target_identity_required
 def user_calendar_data(request, user_name):
-    if request.method != "GET" or not request.user.is_authenticated:
-        raise BadRequest()
-    try:
-        target = APIdentity.get_by_handler(user_name)
-    except:
-        return HttpResponse("unavailable")
+    target = request.target_identity
     max_visiblity = max_visiblity_to_user(request.user, target)
     calendar_data = target.shelf_manager.get_calendar_data(max_visiblity)
     return render(
diff --git a/journal/views/review.py b/journal/views/review.py
index 83dbaa24..3ff92886 100644
--- a/journal/views/review.py
+++ b/journal/views/review.py
@@ -10,6 +10,7 @@ from django.urls import reverse
 from django.utils import timezone
 from django.utils.dateparse import parse_datetime
 from django.utils.translation import gettext_lazy as _
+from django.views.decorators.http import require_http_methods
 
 from catalog.models import *
 from common.utils import AuthedHttpRequest, PageLinksGenerator, get_uuid_or_404
@@ -23,6 +24,7 @@ from ..models import *
 from .common import render_list
 
 
+@require_http_methods(["GET"])
 def review_retrieve(request, review_uuid):
     # piece = get_object_or_404(Review, uid=get_uuid_or_404(review_uuid))
     piece = Review.get_by_url(review_uuid)
diff --git a/social/views.py b/social/views.py
index 22bfd505..b28615fe 100644
--- a/social/views.py
+++ b/social/views.py
@@ -5,6 +5,7 @@ from django.core.exceptions import BadRequest
 from django.shortcuts import redirect, render
 from django.urls import reverse
 from django.utils.translation import gettext_lazy as _
+from django.views.decorators.http import require_http_methods
 
 from catalog.models import *
 from journal.models import *
@@ -16,10 +17,9 @@ _logger = logging.getLogger(__name__)
 PAGE_SIZE = 10
 
 
+@require_http_methods(["GET"])
 @login_required
 def feed(request):
-    if request.method != "GET":
-        raise BadRequest()
     if not request.user.registration_complete:
         return redirect(reverse("users:register"))
     user = request.user
@@ -60,9 +60,8 @@ def feed(request):
 
 
 @login_required
+@require_http_methods(["GET"])
 def data(request):
-    if request.method != "GET":
-        raise BadRequest()
     return render(
         request,
         "feed_data.html",
diff --git a/users/account.py b/users/account.py
index 4de822e9..6346fac4 100644
--- a/users/account.py
+++ b/users/account.py
@@ -17,6 +17,7 @@ from django.shortcuts import get_object_or_404, redirect, render
 from django.urls import reverse
 from django.utils import timezone
 from django.utils.translation import gettext_lazy as _
+from django.views.decorators.http import require_http_methods
 from loguru import logger
 
 from common.config import *
@@ -136,11 +137,9 @@ def connect(request):
 
 
 # mastodon server redirect back to here
+@require_http_methods(["GET"])
 @mastodon_request_included
 def OAuth2_login(request):
-    if request.method != "GET":
-        raise BadRequest()
-
     code = request.GET.get("code")
     if not code:
         return render(