Redirect to site base URL after all OOB actions.

keosak · keosak · commit e1a491a78921 · 2016-06-15T17:23:34.000+02:00
diff --git a/app/jekylledit/controllers/auth.py b/app/jekylledit/controllers/auth.py
@@ -13,7 +13,7 @@
 from ..ext.identitytoolkit import Gitkit
 from itsdangerous import URLSafeTimedSerializer
 
-from ..model import Account, Challenge, Repository, Roles, Site, Sites, db
+from ..model import Account, OobAction, Repository, Roles, Site, Sites, db
 from .base import app, mailgun, jsonp
 
 
@@ -125,10 +125,10 @@ def widget():
     oob_code = parse_qs(url.query).get('oobCode')
     if not oob_code or len(oob_code) != 1:
         abort(400)
-    challenge = Challenge.query.get(oob_code[0])
-    if challenge is None:
+    action = OobAction.query.get(oob_code[0])
+    if action is None:
         abort(400)
-    base_url = Sites(challenge.site_id).get_base_url()
+    base_url = Sites(action.site_id).get_base_url()
     if not base_url.endswith('/'):
         base_url += '/'
     return redirect('{}#sign-in'.format(base_url))
@@ -155,12 +155,11 @@ def sign_in_success(site_id):
         db.session.commit()
         return render_template('auth/close-window.html', message='You have signed in.')
     oob_link = gitkit.get_email_verification_link(email)
-    challenge = Challenge(
+    action = OobAction(
         oob_code=parse_qs(urlparse(oob_link).query)['oobCode'][0],
         site_id=site_id,
-        account_id=account.id,
         moment=datetime.utcnow())
-    db.session.add(challenge)
+    db.session.add(action)
     db.session.commit()
     text = render_template('auth/verify-email.txt', oob_link=oob_link)
     send(email, 'Verify email address', text)
@@ -179,7 +178,29 @@ def sign_out():
 
 @blueprint.route('/oob-action', methods={'POST'})
 def oob_action():
+    url_adapter = _request_ctx_stack.top.url_adapter
+    url = urlparse(request.referrer)
+    if url.netloc != request.host:
+        abort(400)
+    endpoint, __ = url_adapter.match(url.path, 'GET')
+    if endpoint != 'auth.widget':
+        abort(400)
+    next = parse_qs(url.query).get('next')
+    if not next or len(next) != 1:
+        abort(400)
+    url = urlparse(next[0])
+    if url.netloc != request.host:
+        abort(400)
+    endpoint, values = url_adapter.match(url.path, 'GET')
+    if endpoint != 'auth.sign_in_success':
+        abort(400)
     result = gitkit.get_oob_result()
+    action = OobAction(
+        oob_code=parse_qs(urlparse(result['oob_link']).query)['oobCode'][0],
+        site_id=values['site_id'],
+        moment=datetime.utcnow())
+    db.session.add(action)
+    db.session.commit()
     if result['action'] == 'changeEmail':
         text = render_template(
             'auth/change-email.txt',
diff --git a/app/jekylledit/migrations/versions/f95f5c80e730_.py b/app/jekylledit/migrations/versions/f95f5c80e730_.py
@@ -0,0 +1,35 @@
+"""Replace challenge with oob_action.
+
+Revision ID: f95f5c80e730
+Revises: 2cf8288266e0
+Create Date: 2016-06-15 15:07:04.644101
+
+"""
+
+# revision identifiers, used by Alembic.
+revision = 'f95f5c80e730'
+down_revision = '2cf8288266e0'
+
+from alembic import op
+import sqlalchemy as sa
+
+
+def upgrade():
+    op.create_table(
+        'oob_action',
+        sa.Column('oob_code', sa.Unicode(), nullable=False),
+        sa.Column('site_id', sa.Unicode(), nullable=False),
+        sa.Column('moment', sa.DateTime(), nullable=False),
+        sa.PrimaryKeyConstraint('oob_code', name=op.f('oob_action_pkey')),
+        sa.ForeignKeyConstraint(['site_id'], ['site.id'], name=op.f('oob_action_site_id_fkey')),
+    )
+    op.execute("""\
+        INSERT INTO oob_action (oob_code, site_id, moment)
+        SELECT oob_code, site_id, moment
+        FROM challenge
+    """)
+    op.drop_table('challenge')
+
+
+def downgrade():
+    pass
diff --git a/app/jekylledit/model/__init__.py b/app/jekylledit/model/__init__.py
@@ -1,5 +1,5 @@
 # flake8: noqa
 
 from .base import db, migrate
-from .auth import Account, Challenge, Roles, Site
+from .auth import Account, OobAction, Roles, Site
 from .site import Repository, Sites
diff --git a/app/jekylledit/model/auth.py b/app/jekylledit/model/auth.py
@@ -25,20 +25,19 @@ class Account(UserMixin, db.Model):
     roles = db.relationship('Roles')
 
 
-class Challenge(db.Model):
-
-    __tablename__ = 'challenge'
-
-    oob_code = db.Column(db.Unicode, primary_key=True)
-    site_id = db.Column(db.Unicode, db.ForeignKey('site.id'), nullable=False)
-    account_id = db.Column(db.Unicode, db.ForeignKey('account.id'), nullable=False)
-    moment = db.Column(db.DateTime, nullable=False)
-
-
 class Roles(db.Model):
 
     __tablename__ = 'roles'
 
     email = db.Column(db.Unicode, db.ForeignKey('account.email'), primary_key=True)
     site_id = db.Column(db.Unicode, db.ForeignKey('site.id'), primary_key=True, index=True)
     roles = db.Column(JSON, nullable=False)
+
+
+class OobAction(db.Model):
+
+    __tablename__ = 'oob_action'
+
+    oob_code = db.Column(db.Unicode, primary_key=True)
+    site_id = db.Column(db.Unicode, db.ForeignKey('site.id'), nullable=False)
+    moment = db.Column(db.DateTime, nullable=False)
