From 3bf644e5de60c2a0cd95aeec371f70224b5f3670 Mon Sep 17 00:00:00 2001
From: neodb dev
Date: Mon, 25 Dec 2023 17:27:31 -0500
Subject: [PATCH] return 405 properly
---
 catalog/views.py | 8 ++------
 journal/views/profile.py | 12 ++++--------
 journal/views/review.py | 2 ++
 social/views.py | 7 +++----
 users/account.py | 5 ++---
 5 files changed, 13 insertions(+), 21 deletions(-)
diff --git a/catalog/views.py b/catalog/views.py
index 566c1657..af01c72a 100644
--- a/catalog/views.py
+++ b/catalog/views.py
@@ -46,10 +46,9 @@ def retrieve_redirect(request, item_path, item_uuid):
 return redirect(f"/{item_path}/{item_uuid}")
+@require_http_methods(["GET"])
 @xframe_options_exempt
 def embed(request, item_path, item_uuid):
- if request.method != "GET":
- raise BadRequest()
 item = Item.get_by_url(item_uuid)
 if item is None:
 raise Http404()
@@ -69,6 +68,7 @@ def embed(request, item_path, item_uuid):
 )
+@require_http_methods(["GET"])
 @user_identity_required
 def retrieve(request, item_path, item_uuid):
 # item = get_object_or_404(Item, uid=get_uuid_or_404(item_uuid))
@@ -85,8 +85,6 @@ def retrieve(request, item_path, item_uuid):
 raise Http404()
 if request.headers.get("Accept", "").endswith("json"):
 return redirect(item.api_url)
- if request.method != "GET":
- raise BadRequest()
 focus_item = None
 if request.GET.get("focus"):
 focus_item = get_object_or_404(
@@ -264,8 +262,6 @@ def reviews(request, item_path, item_uuid):
 @require_http_methods(["GET"])
 def discover(request):
- if request.method != "GET":
- raise BadRequest()
 cache_key = "public_gallery"
 gallery_list = cache.get(cache_key, [])
diff --git a/journal/views/profile.py b/journal/views/profile.py
index b584a852..c0602cd4 100644
--- a/journal/views/profile.py
+++ b/journal/views/profile.py
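Review bot: In catalog/views.py, the order of the two decorators on `embed` is security-relevant and is worth a comment. With `@require_http_methods(["GET"])` outermost, a rejected request gets its 405 from outside `@xframe_options_exempt`, so that response is not marked frame-exempt and keeps the default X-Frame-Options handling (assuming Django's clickjacking middleware is enabled). A one-line comment above the decorators, e.g. `# keep the method check outermost: only responses produced by the view itself should be frame-exempt`, would stop a later reorder from widening the exemption. The body of `embed` continues past the end of the hunk.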
@@ -21,8 +21,6 @@ from .common import render_list, target_identity_required
 @require_http_methods(["GET"])
 @target_identity_required
 def profile(request: AuthedHttpRequest, user_name):
- if request.method != "GET":
- raise BadRequest()
 target = request.target_identity
 # if user.mastodon_acct != user_name and user.username != user_name:
 # return redirect(user.url)
@@ -106,13 +104,11 @@ def profile(request: AuthedHttpRequest, user_name):
 )
+@require_http_methods(["GET"])
+@login_required
+@target_identity_required
 def user_calendar_data(request, user_name):
- if request.method != "GET" or not request.user.is_authenticated:
- raise BadRequest()
- try:
- target = APIdentity.get_by_handler(user_name)
- except:
- return HttpResponse("unavailable")
+ target = request.target_identity
 max_visiblity = max_visiblity_to_user(request.user, target)
 calendar_data = target.shelf_manager.get_calendar_data(max_visiblity)
 return render(
diff --git a/journal/views/review.py b/journal/views/review.py
index 83dbaa24..3ff92886 100644
--- a/journal/views/review.py
+++ b/journal/views/review.py
@@ -10,6 +10,7 @@ from django.urls import reverse
 from django.utils import timezone
 from django.utils.dateparse import parse_datetime
 from django.utils.translation import gettext_lazy as _
+from django.views.decorators.http import require_http_methods
 from catalog.models import *
 from common.utils import AuthedHttpRequest, PageLinksGenerator, get_uuid_or_404
@@ -23,6 +24,7 @@ from ..models import *
 from .common import render_list
+@require_http_methods(["GET"])
 def review_retrieve(request, review_uuid):
 # piece = get_object_or_404(Review, uid=get_uuid_or_404(review_uuid))
 piece = Review.get_by_url(review_uuid)
diff --git a/social/views.py b/social/views.py
index 22bfd505..b28615fe 100644
--- a/social/views.py
+++ b/social/views.py
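Review bot: In journal/views/profile.py, `user_calendar_data` now uses `@login_required`, but none of the visible hunks for this file adds an import for it, so confirm the module already imports the name; decorators are evaluated when the module loads, and a missing import would break every view in the file. The behaviour for callers also changes: assuming this is Django's `login_required`, an unauthenticated request is redirected to the login URL instead of raising `BadRequest`, and an unresolvable `user_name` is now handled by `target_identity_required` (not shown in this patch) rather than returning the `unavailable` body. A docstring saying that the body relies on the decorators to authenticate the caller and to set `request.target_identity` before `max_visiblity_to_user` is called would make that dependency explicit. The function body continues past the end of the hunk.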
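Review bot: In journal/views/review.py, `review_retrieve` had no method restriction before this hunk, so `@require_http_methods(["GET"])` now answers HEAD requests with 405 where they previously reached the view. If HEAD should keep working for this read-only view, Django's `require_safe` from the same module accepts GET and HEAD, i.e. `@require_safe` with a matching import. The other views touched by this commit already rejected HEAD through their `request.method != "GET"` checks, so this is the only one whose behaviour changes for it. The function body continues outside the hunk.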
@@ -5,6 +5,7 @@ from django.core.exceptions import BadRequest
 from django.shortcuts import redirect, render
 from django.urls import reverse
 from django.utils.translation import gettext_lazy as _
+from django.views.decorators.http import require_http_methods
 from catalog.models import *
 from journal.models import *
@@ -16,10 +17,9 @@ _logger = logging.getLogger(__name__)
 PAGE_SIZE = 10
+@require_http_methods(["GET"])
 @login_required
 def feed(request):
- if request.method != "GET":
- raise BadRequest()
 if not request.user.registration_complete:
 return redirect(reverse("users:register"))
 user = request.user
@@ -60,9 +60,8 @@ def feed(request):
 @login_required
+@require_http_methods(["GET"])
 def data(request):
- if request.method != "GET":
- raise BadRequest()
 return render(
 request,
 "feed_data.html",
diff --git a/users/account.py b/users/account.py
index 4de822e9..6346fac4 100644
--- a/users/account.py
+++ b/users/account.py
@@ -17,6 +17,7 @@ from django.shortcuts import get_object_or_404, redirect, render
 from django.urls import reverse
 from django.utils import timezone
 from django.utils.translation import gettext_lazy as _
+from django.views.decorators.http import require_http_methods
 from loguru import logger
 from common.config import *
@@ -136,11 +137,9 @@ def connect(request):
 # mastodon server redirect back to here
+@require_http_methods(["GET"])
 @mastodon_request_included
 def OAuth2_login(request):
- if request.method != "GET":
- raise BadRequest()
-
 code = request.GET.get("code")
 if not code:
 return render(
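Review bot: In social/views.py, `data` stacks its decorators in the opposite order from `feed` and the other views touched by this commit. `@login_required` stays outermost there, so an unauthenticated non-GET request is presumably answered by the login redirect rather than the 405 this commit aims for. Swapping the two lines to `@require_http_methods(["GET"])` followed by `@login_required` makes the method check run first and keeps the views consistent. The rest of `data` lies outside the hunk.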