Commit e97539b6 by Őry Máté

dashboard: move tx-confirm token to path parameter

parent 7e6025d5
......@@ -57,7 +57,7 @@ urlpatterns = patterns(
url(r'^node/list/$', NodeList.as_view(), name='dashboard.views.node-list'),
url(r'^node/(?P<pk>\d+)/$', NodeDetailView.as_view(),
url(r'^tx/$', TransferOwnershipConfirmView.as_view(),
url(r'^tx/(?P<key>.*)/?$', TransferOwnershipConfirmView.as_view(),
url(r'^node/delete/(?P<pk>\d+)/$', NodeDelete.as_view(),
......@@ -1507,23 +1507,22 @@ class TransferOwnershipView(LoginRequiredMixin, DetailView):
class TransferOwnershipConfirmView(LoginRequiredMixin, View):
"""User can accept an ownership offer."""
max_age = 3 * 24 * 3600
success_message = _("Ownership successfully transferred.")
success_message = _("Ownership successfully transferred to you.")
def get_salt(cls):
return unicode(cls)
def get(self, request, *args, **kwargs):
def get(self, request, key, *args, **kwargs):
"""Confirm ownership transfer based on token.
logger.debug('Confirm dialog for token %s.', key)
key = request.GET['key']
logger.debug('Confirm dialog for token %s.', key)
instance, new_owner = self.get_instance(key, request.user)
except KeyError:
raise Http404()
except PermissionDenied():
except PermissionDenied:
messages.error(request, _('This token is for an other user.'))
except SuspiciousOperation:
......@@ -1533,16 +1532,10 @@ class TransferOwnershipConfirmView(LoginRequiredMixin, View):
dictionary={'instance': instance, 'key': key})
def post(self, request, *args, **kwargs):
def post(self, request, key, *args, **kwargs):
"""Really transfer ownership based on token.
key = request.POST['key']
instance, owner = self.get_instance(key, request.user)
except KeyError:
logger.debug('Posted to %s without key field.',
raise SuspiciousOperation()
instance, owner = self.get_instance(key, request.user)
old = instance.owner
with instance_activity(code_suffix='ownership-transferred',
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or sign in to comment