Replaced all request.POST with request.form, ...

- Fixed error handling in OAuth plugin
- Changed request.POST file fields to request.files
Joar Wandborg 2012-09-29 21:07:15 +02:00
parent a6ec38c3c1
commit 111a609df5
11 changed files with 144 additions and 105 deletions


@ -130,7 +130,6 @@ class MediaGoblinApp(object):
## Compatibility webob -> werkzeug ## Compatibility webob -> werkzeug
request.GET = request.args request.GET = request.args
request.POST = request.form
request.accept_language = request.accept_languages request.accept_language = request.accept_languages
request.accept = request.accept_mimetypes request.accept = request.accept_mimetypes


@ -55,12 +55,12 @@ def register(request):
_('Sorry, registration is disabled on this instance.')) _('Sorry, registration is disabled on this instance.'))
return redirect(request, "index") return redirect(request, "index")
register_form = auth_forms.RegistrationForm(request.POST) register_form = auth_forms.RegistrationForm(request.form)
if request.method == 'POST' and register_form.validate(): if request.method == 'POST' and register_form.validate():
# TODO: Make sure the user doesn't exist already # TODO: Make sure the user doesn't exist already
username = unicode(request.POST['username'].lower()) username = unicode(request.form['username'].lower())
em_user, em_dom = unicode(request.POST['email']).split("@", 1) em_user, em_dom = unicode(request.form['email']).split("@", 1)
em_dom = em_dom.lower() em_dom = em_dom.lower()
email = em_user + "@" + em_dom email = em_user + "@" + em_dom
users_with_username = request.db.User.find( users_with_username = request.db.User.find(
@ -85,7 +85,7 @@ def register(request):
user.username = username user.username = username
user.email = email user.email = email
user.pw_hash = auth_lib.bcrypt_gen_password_hash( user.pw_hash = auth_lib.bcrypt_gen_password_hash(
request.POST['password']) request.form['password'])
user.verification_key = unicode(uuid.uuid4()) user.verification_key = unicode(uuid.uuid4())
user.save(validate=True) user.save(validate=True)
@ -115,21 +115,21 @@ def login(request):
If you provide the POST with 'next', it'll redirect to that view. If you provide the POST with 'next', it'll redirect to that view.
""" """
login_form = auth_forms.LoginForm(request.POST) login_form = auth_forms.LoginForm(request.form)
login_failed = False login_failed = False
if request.method == 'POST' and login_form.validate(): if request.method == 'POST' and login_form.validate():
user = request.db.User.find_one( user = request.db.User.find_one(
{'username': request.POST['username'].lower()}) {'username': request.form['username'].lower()})
if user and user.check_login(request.POST['password']): if user and user.check_login(request.form['password']):
# set up login in session # set up login in session
request.session['user_id'] = unicode(user._id) request.session['user_id'] = unicode(user._id)
request.session.save() request.session.save()
if request.POST.get('next'): if request.form.get('next'):
return exc.HTTPFound(location=request.POST['next']) return exc.HTTPFound(location=request.form['next'])
else: else:
return redirect(request, "index") return redirect(request, "index")
@ -143,7 +143,7 @@ def login(request):
request, request,
'mediagoblin/auth/login.html', 'mediagoblin/auth/login.html',
{'login_form': login_form, {'login_form': login_form,
'next': request.GET.get('next') or request.POST.get('next'), 'next': request.GET.get('next') or request.form.get('next'),
'login_failed': login_failed, 'login_failed': login_failed,
'allow_registration': mg_globals.app_config["allow_registration"]}) 'allow_registration': mg_globals.app_config["allow_registration"]})
@ -236,17 +236,17 @@ def forgot_password(request):
Sends an email with an url to renew forgotten password Sends an email with an url to renew forgotten password
""" """
fp_form = auth_forms.ForgotPassForm(request.POST, fp_form = auth_forms.ForgotPassForm(request.form,
username=request.GET.get('username')) username=request.GET.get('username'))
if request.method == 'POST' and fp_form.validate(): if request.method == 'POST' and fp_form.validate():
# '$or' not available till mongodb 1.5.3 # '$or' not available till mongodb 1.5.3
user = request.db.User.find_one( user = request.db.User.find_one(
{'username': request.POST['username']}) {'username': request.form['username']})
if not user: if not user:
user = request.db.User.find_one( user = request.db.User.find_one(
{'email': request.POST['username']}) {'email': request.form['username']})
if user: if user:
if user.email_verified and user.status == 'active': if user.email_verified and user.status == 'active':
@ -322,7 +322,7 @@ def verify_forgot_password(request):
if request.method == 'POST' and cp_form.validate(): if request.method == 'POST' and cp_form.validate():
user.pw_hash = auth_lib.bcrypt_gen_password_hash( user.pw_hash = auth_lib.bcrypt_gen_password_hash(
request.POST['password']) request.form['password'])
user.fp_verification_key = None user.fp_verification_key = None
user.fp_token_expire = None user.fp_token_expire = None
user.save() user.save()
@ -355,7 +355,7 @@ def _process_for_token(request):
if request.method == 'GET': if request.method == 'GET':
formdata_vars = request.GET formdata_vars = request.GET
else: else:
formdata_vars = request.POST formdata_vars = request.form
formdata = { formdata = {
'vars': formdata_vars, 'vars': formdata_vars,
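Review bot: In login, `return exc.HTTPFound(location=request.form['next'])` redirects to whatever value the submitted form carries, and nothing visible in this hunk restricts it to the site itself, so a crafted login link can send a freshly authenticated user to an external page. Unless LoginForm or the caller already validates `next` (not visible here), accept only same-site relative paths and fall back to `redirect(request, "index")` otherwise. The same value is echoed into the template context as `'next'` in the following hunk, so the check belongs in one shared helper. login's body starts and ends outside the hunk.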


@ -51,27 +51,27 @@ def edit_media(request, media):
license=media.license) license=media.license)
form = forms.EditForm( form = forms.EditForm(
request.POST, request.form,
**defaults) **defaults)
if request.method == 'POST' and form.validate(): if request.method == 'POST' and form.validate():
# Make sure there isn't already a MediaEntry with such a slug # Make sure there isn't already a MediaEntry with such a slug
# and userid. # and userid.
slug_used = check_media_slug_used(request.db, media.uploader, slug_used = check_media_slug_used(request.db, media.uploader,
request.POST['slug'], media.id) request.form['slug'], media.id)
if slug_used: if slug_used:
form.slug.errors.append( form.slug.errors.append(
_(u'An entry with that slug already exists for this user.')) _(u'An entry with that slug already exists for this user.'))
else: else:
media.title = unicode(request.POST['title']) media.title = unicode(request.form['title'])
media.description = unicode(request.POST.get('description')) media.description = unicode(request.form.get('description'))
media.tags = convert_to_tag_list_of_dicts( media.tags = convert_to_tag_list_of_dicts(
request.POST.get('tags')) request.form.get('tags'))
media.license = unicode(request.POST.get('license', '')) or None media.license = unicode(request.form.get('license', '')) or None
media.slug = unicode(request.POST['slug']) media.slug = unicode(request.form['slug'])
media.save() media.save()
@ -106,9 +106,9 @@ def edit_attachments(request, media):
form = forms.EditAttachmentsForm() form = forms.EditAttachmentsForm()
# Add any attachements # Add any attachements
if ('attachment_file' in request.POST if ('attachment_file' in request.form
and isinstance(request.POST['attachment_file'], FieldStorage) and isinstance(request.form['attachment_file'], FieldStorage)
and request.POST['attachment_file'].file): and request.form['attachment_file'].file):
# Security measure to prevent attachments from being served as # Security measure to prevent attachments from being served as
# text/html, which will be parsed by web clients and pose an XSS # text/html, which will be parsed by web clients and pose an XSS
@ -121,13 +121,13 @@ def edit_attachments(request, media):
# machine parsing the upload form, and not necessarily the machine # machine parsing the upload form, and not necessarily the machine
# serving the attachments. # serving the attachments.
if mimetypes.guess_type( if mimetypes.guess_type(
request.POST['attachment_file'].filename)[0] in \ request.form['attachment_file'].filename)[0] in \
UNSAFE_MIMETYPES: UNSAFE_MIMETYPES:
public_filename = secure_filename('{0}.notsafe'.format( public_filename = secure_filename('{0}.notsafe'.format(
request.POST['attachment_file'].filename)) request.form['attachment_file'].filename))
else: else:
public_filename = secure_filename( public_filename = secure_filename(
request.POST['attachment_file'].filename) request.form['attachment_file'].filename)
attachment_public_filepath \ attachment_public_filepath \
= mg_globals.public_store.get_unique_filepath( = mg_globals.public_store.get_unique_filepath(
@ -139,13 +139,13 @@ def edit_attachments(request, media):
try: try:
attachment_public_file.write( attachment_public_file.write(
request.POST['attachment_file'].file.read()) request.form['attachment_file'].file.read())
finally: finally:
request.POST['attachment_file'].file.close() request.form['attachment_file'].file.close()
media.attachment_files.append(dict( media.attachment_files.append(dict(
name=request.POST['attachment_name'] \ name=request.form['attachment_name'] \
or request.POST['attachment_file'].filename, or request.form['attachment_file'].filename,
filepath=attachment_public_filepath, filepath=attachment_public_filepath,
created=datetime.utcnow(), created=datetime.utcnow(),
)) ))
@ -155,8 +155,8 @@ def edit_attachments(request, media):
messages.add_message( messages.add_message(
request, messages.SUCCESS, request, messages.SUCCESS,
"You added the attachment %s!" \ "You added the attachment %s!" \
% (request.POST['attachment_name'] % (request.form['attachment_name']
or request.POST['attachment_file'].filename)) or request.form['attachment_file'].filename))
return exc.HTTPFound( return exc.HTTPFound(
location=media.url_for_self(request.urlgen)) location=media.url_for_self(request.urlgen))
@ -183,13 +183,13 @@ def edit_profile(request):
else: else:
user = request.user user = request.user
form = forms.EditProfileForm(request.POST, form = forms.EditProfileForm(request.form,
url=user.get('url'), url=user.get('url'),
bio=user.get('bio')) bio=user.get('bio'))
if request.method == 'POST' and form.validate(): if request.method == 'POST' and form.validate():
user.url = unicode(request.POST['url']) user.url = unicode(request.form['url'])
user.bio = unicode(request.POST['bio']) user.bio = unicode(request.form['bio'])
user.save() user.save()
@ -210,7 +210,7 @@ def edit_profile(request):
@require_active_login @require_active_login
def edit_account(request): def edit_account(request):
user = request.user user = request.user
form = forms.EditAccountForm(request.POST, form = forms.EditAccountForm(request.form,
wants_comment_notification=user.get('wants_comment_notification')) wants_comment_notification=user.get('wants_comment_notification'))
if request.method == 'POST': if request.method == 'POST':
@ -268,32 +268,32 @@ def edit_collection(request, collection):
description=collection.description) description=collection.description)
form = forms.EditCollectionForm( form = forms.EditCollectionForm(
request.POST, request.form,
**defaults) **defaults)
if request.method == 'POST' and form.validate(): if request.method == 'POST' and form.validate():
# Make sure there isn't already a Collection with such a slug # Make sure there isn't already a Collection with such a slug
# and userid. # and userid.
slug_used = check_collection_slug_used(request.db, collection.creator, slug_used = check_collection_slug_used(request.db, collection.creator,
request.POST['slug'], collection.id) request.form['slug'], collection.id)
# Make sure there isn't already a Collection with this title # Make sure there isn't already a Collection with this title
existing_collection = request.db.Collection.find_one({ existing_collection = request.db.Collection.find_one({
'creator': request.user._id, 'creator': request.user._id,
'title':request.POST['title']}) 'title':request.form['title']})
if existing_collection and existing_collection.id != collection.id: if existing_collection and existing_collection.id != collection.id:
messages.add_message( messages.add_message(
request, messages.ERROR, request, messages.ERROR,
_('You already have a collection called "%s"!') % \ _('You already have a collection called "%s"!') % \
request.POST['title']) request.form['title'])
elif slug_used: elif slug_used:
form.slug.errors.append( form.slug.errors.append(
_(u'A collection with that slug already exists for this user.')) _(u'A collection with that slug already exists for this user.'))
else: else:
collection.title = unicode(request.POST['title']) collection.title = unicode(request.form['title'])
collection.description = unicode(request.POST.get('description')) collection.description = unicode(request.form.get('description'))
collection.slug = unicode(request.POST['slug']) collection.slug = unicode(request.form['slug'])
collection.save() collection.save()
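Review bot: In edit_attachments the upload is still looked up in `request.form` and tested with `isinstance(request.form['attachment_file'], FieldStorage)`, but werkzeug puts uploaded files in `request.files` as `FileStorage` objects, so this condition would presumably never be true and attachments would silently stop being saved. It should follow the pattern this commit uses for the API upload: `if ('attachment_file' in request.files and isinstance(request.files['attachment_file'], FileStorage) and request.files['attachment_file'].stream):`, with the later `.file.read()`, `.file.close()` and `.filename` uses switched to `request.files[...]` and `.stream` as well. The function starts and ends outside these hunks, and the import of `FieldStorage` is not visible here.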


@ -132,7 +132,7 @@ class CsrfMeddleware(BaseMeddleware):
return HTTPForbidden() return HTTPForbidden()
# get the form token and confirm it matches # get the form token and confirm it matches
form = CsrfForm(request.POST) form = CsrfForm(request.form)
if form.validate(): if form.validate():
form_token = form.csrf_token.data form_token = form.csrf_token.data


@ -20,8 +20,8 @@ import uuid
from os.path import splitext from os.path import splitext
from webob import exc, Response from webob import exc, Response
from cgi import FieldStorage
from werkzeug.utils import secure_filename from werkzeug.utils import secure_filename
from werkzeug.datastructures import FileStorage
from celery import registry from celery import registry
from mediagoblin.db.util import ObjectId from mediagoblin.db.util import ObjectId
@ -29,13 +29,10 @@ from mediagoblin.decorators import require_active_login
from mediagoblin.processing import mark_entry_failed from mediagoblin.processing import mark_entry_failed
from mediagoblin.processing.task import ProcessMedia from mediagoblin.processing.task import ProcessMedia
from mediagoblin.meddleware.csrf import csrf_exempt from mediagoblin.meddleware.csrf import csrf_exempt
from mediagoblin.media_types import sniff_media, InvalidFileType, \ from mediagoblin.media_types import sniff_media
FileTypeNotSupported
from mediagoblin.plugins.api.tools import api_auth, get_entry_serializable, \ from mediagoblin.plugins.api.tools import api_auth, get_entry_serializable, \
json_response json_response
from mediagoblin.plugins.api import config
_log = logging.getLogger(__name__) _log = logging.getLogger(__name__)
@ -52,24 +49,24 @@ def post_entry(request):
_log.debug('Must POST against post_entry') _log.debug('Must POST against post_entry')
return exc.HTTPBadRequest() return exc.HTTPBadRequest()
if not 'file' in request.POST \ if not 'file' in request.files \
or not isinstance(request.POST['file'], FieldStorage) \ or not isinstance(request.files['file'], FileStorage) \
or not request.POST['file'].file: or not request.files['file'].stream:
_log.debug('File field not found') _log.debug('File field not found')
return exc.HTTPBadRequest() return exc.HTTPBadRequest()
media_file = request.POST['file'] media_file = request.files['file']
media_type, media_manager = sniff_media(media_file) media_type, media_manager = sniff_media(media_file)
entry = request.db.MediaEntry() entry = request.db.MediaEntry()
entry.id = ObjectId() entry.id = ObjectId()
entry.media_type = unicode(media_type) entry.media_type = unicode(media_type)
entry.title = unicode(request.POST.get('title') entry.title = unicode(request.form.get('title')
or splitext(media_file.filename)[0]) or splitext(media_file.filename)[0])
entry.description = unicode(request.POST.get('description')) entry.description = unicode(request.form.get('description'))
entry.license = unicode(request.POST.get('license', '')) entry.license = unicode(request.form.get('license', ''))
entry.uploader = request.user.id entry.uploader = request.user.id
@ -88,7 +85,7 @@ def post_entry(request):
queue_filepath, 'wb') queue_filepath, 'wb')
with queue_file: with queue_file:
queue_file.write(request.POST['file'].file.read()) queue_file.write(request.files['file'].stream.read())
# Add queued filename to the entry # Add queued filename to the entry
entry.queued_media_file = queue_filepath entry.queued_media_file = queue_filepath
@ -98,10 +95,10 @@ def post_entry(request):
# Save now so we have this data before kicking off processing # Save now so we have this data before kicking off processing
entry.save(validate=True) entry.save(validate=True)
if request.POST.get('callback_url'): if request.form.get('callback_url'):
metadata = request.db.ProcessingMetaData() metadata = request.db.ProcessingMetaData()
metadata.media_entry = entry metadata.media_entry = entry
metadata.callback_url = unicode(request.POST['callback_url']) metadata.callback_url = unicode(request.form['callback_url'])
metadata.save() metadata.save()
# Pass off to processing # Pass off to processing
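Review bot: In post_entry, `metadata.callback_url = unicode(request.form['callback_url'])` stores a client-supplied URL without any check, and if the processing task later issues a request to it (as the callback test in this commit suggests), the server can be pointed at internal or loopback addresses. Validate the scheme and host before saving, for example allowing only `http`/`https` and rejecting private address ranges, or restrict callbacks to hosts registered for the OAuth client. Also note that `unicode(request.form.get('description'))` yields the string `u'None'` when the field is absent; `request.form.get('description', u'')` avoids that. post_entry's body continues outside the hunk.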


@ -133,10 +133,12 @@ Incapabilities
============== ==============
- Only `bearer tokens`_ are issued. - Only `bearer tokens`_ are issued.
- `Access Token Scope`_
- `Implicit Grant`_ - `Implicit Grant`_
- `Force TLS for token endpoint`_ - This one is up the the siteadmin
- Authorization `scope`_ and `state`
- ... - ...
.. _`bearer tokens`: http://tools.ietf.org/html/draft-ietf-oauth-v2-bearer-08 .. _`bearer tokens`: http://tools.ietf.org/html/draft-ietf-oauth-v2-bearer-08
.. _`Access Token Scope`: http://tools.ietf.org/html/draft-ietf-oauth-v2-25#section-3.3 .. _`scope`: http://tools.ietf.org/html/draft-ietf-oauth-v2-25#section-3.3
.. _`Implicit Grant`: http://tools.ietf.org/html/draft-ietf-oauth-v2-25#section-4.2 .. _`Implicit Grant`: http://tools.ietf.org/html/draft-ietf-oauth-v2-25#section-4.2
.. _`Force TLS for token endpoint`: http://tools.ietf.org/html/draft-ietf-oauth-v2-25#section-3.2


@ -41,15 +41,15 @@ def register_client(request):
''' '''
Register an OAuth client Register an OAuth client
''' '''
form = ClientRegistrationForm(request.POST) form = ClientRegistrationForm(request.form)
if request.method == 'POST' and form.validate(): if request.method == 'POST' and form.validate():
client = OAuthClient() client = OAuthClient()
client.name = unicode(request.POST['name']) client.name = unicode(request.form['name'])
client.description = unicode(request.POST['description']) client.description = unicode(request.form['description'])
client.type = unicode(request.POST['type']) client.type = unicode(request.form['type'])
client.owner_id = request.user.id client.owner_id = request.user.id
client.redirect_uri = unicode(request.POST['redirect_uri']) client.redirect_uri = unicode(request.form['redirect_uri'])
client.generate_identifier() client.generate_identifier()
client.generate_secret() client.generate_secret()
@ -86,7 +86,7 @@ def list_connections(request):
@require_active_login @require_active_login
def authorize_client(request): def authorize_client(request):
form = AuthorizationForm(request.POST) form = AuthorizationForm(request.form)
client = OAuthClient.query.filter(OAuthClient.id == client = OAuthClient.query.filter(OAuthClient.id ==
form.client_id.data).first() form.client_id.data).first()
@ -169,7 +169,7 @@ def authorize(request, client):
# code parameter # code parameter
# - on deny: send the user agent back to the redirect uri with error # - on deny: send the user agent back to the redirect uri with error
# information # information
form = AuthorizationForm(request.POST) form = AuthorizationForm(request.form)
form.client_id.data = client.id form.client_id.data = client.id
form.next.data = request.url form.next.data = request.url
return render_to_response( return render_to_response(
@ -185,6 +185,31 @@ def access_token(request):
request.GET.get('code')).first() request.GET.get('code')).first()
if code: if code:
if code.client.type == u'confidential':
client_identifier = request.GET.get('client_id')
if not client_identifier:
return json_response({
'error': 'invalid_request',
'error_description':
'Missing client_id in request'})
client_secret = request.GET.get('client_secret')
if not client_secret:
return json_response({
'error': 'invalid_request',
'error_description':
'Missing client_secret in request'})
if not client_secret == code.client.secret or \
not client_identifier == code.client.identifier:
return json_response({
'error': 'invalid_client',
'error_description':
'The client_id or client_secret does not match the'
' code'})
token = OAuthToken() token = OAuthToken()
token.token = unicode(uuid4()) token.token = unicode(uuid4())
token.user = code.user token.user = code.user
@ -194,10 +219,17 @@ def access_token(request):
access_token_data = { access_token_data = {
'access_token': token.token, 'access_token': token.token,
'token_type': 'bearer', 'token_type': 'bearer',
'expires_in': 'expires_in': int(
(token.expires - datetime.now()).total_seconds()} round(
(token.expires - datetime.now()).total_seconds()))}
return json_response(access_token_data, _disable_cors=True) return json_response(access_token_data, _disable_cors=True)
else:
error_data = { return json_response({
'error': 'Incorrect code'} 'error': 'invalid_request',
return Response(json.dumps(error_data)) 'error_description':
'Invalid code'})
else:
return json_response({
'error': 'invalid_request',
'error_descriptin':
'Missing `code` parameter in request'})
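Review bot: In access_token, the new confidential-client check compares the secret with `not client_secret == code.client.secret`, which is not a constant-time comparison, and it reads `client_secret` from `request.GET`, so the secret ends up in URLs and therefore in access logs and referrers. Where the runtime provides it, `hmac.compare_digest(client_secret, code.client.secret)` is the safer comparison, and the credentials would be better accepted from the request body or an Authorization header. Separately, the final branch spells the key `'error_descriptin'`; it should be `'error_description'` to match the other error responses. The function body starts outside the hunk.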


@ -47,7 +47,7 @@ def submit_start(request):
""" """
First view for submitting a file. First view for submitting a file.
""" """
submit_form = submit_forms.SubmitStartForm(request.POST) submit_form = submit_forms.SubmitStartForm(request.form)
if request.method == 'POST' and submit_form.validate(): if request.method == 'POST' and submit_form.validate():
if not ('file' in request.files if not ('file' in request.files
@ -69,18 +69,18 @@ def submit_start(request):
entry.id = ObjectId() entry.id = ObjectId()
entry.media_type = unicode(media_type) entry.media_type = unicode(media_type)
entry.title = ( entry.title = (
unicode(request.POST['title']) unicode(request.form['title'])
or unicode(splitext(filename)[0])) or unicode(splitext(filename)[0]))
entry.description = unicode(request.POST.get('description')) entry.description = unicode(request.form.get('description'))
entry.license = unicode(request.POST.get('license', "")) or None entry.license = unicode(request.form.get('license', "")) or None
entry.uploader = request.user._id entry.uploader = request.user._id
# Process the user's folksonomy "tags" # Process the user's folksonomy "tags"
entry.tags = convert_to_tag_list_of_dicts( entry.tags = convert_to_tag_list_of_dicts(
request.POST.get('tags')) request.form.get('tags'))
# Generate a slug from the title # Generate a slug from the title
entry.generate_slug() entry.generate_slug()
@ -188,16 +188,16 @@ def add_collection(request, media=None):
""" """
View to create a new collection View to create a new collection
""" """
submit_form = submit_forms.AddCollectionForm(request.POST) submit_form = submit_forms.AddCollectionForm(request.form)
if request.method == 'POST' and submit_form.validate(): if request.method == 'POST' and submit_form.validate():
try: try:
collection = request.db.Collection() collection = request.db.Collection()
collection.id = ObjectId() collection.id = ObjectId()
collection.title = unicode(request.POST['title']) collection.title = unicode(request.form['title'])
collection.description = unicode(request.POST.get('description')) collection.description = unicode(request.form.get('description'))
collection.creator = request.user._id collection.creator = request.user._id
collection.generate_slug() collection.generate_slug()


@ -32,8 +32,6 @@ class TestHTTPCallback(object):
self.user_password = 'secret' self.user_password = 'secret'
self.user = fixture_add_user('call_back', self.user_password) self.user = fixture_add_user('call_back', self.user_password)
self.oauth = oauth.TestOAuth()
self.oauth.setUp()
self.login() self.login()
@ -42,10 +40,11 @@ class TestHTTPCallback(object):
'username': self.user.username, 'username': self.user.username,
'password': self.user_password}) 'password': self.user_password})
def get_access_token(self, client_id, code): def get_access_token(self, client_id, client_secret, code):
response = self.app.get('/oauth/access_token', { response = self.app.get('/oauth/access_token', {
'code': code, 'code': code,
'client_id': client_id}) 'client_id': client_id,
'client_secret': client_secret})
response_data = json.loads(response.body) response_data = json.loads(response.body)
@ -53,18 +52,28 @@ class TestHTTPCallback(object):
def test_callback(self): def test_callback(self):
''' Test processing HTTP callback ''' ''' Test processing HTTP callback '''
self.oauth = oauth.TestOAuth()
self.oauth.setUp()
redirect, client_id = self.oauth.test_4_authorize_confidential_client() redirect, client_id = self.oauth.test_4_authorize_confidential_client()
code = parse_qs(urlparse(redirect.location).query)['code'][0] code = parse_qs(urlparse(redirect.location).query)['code'][0]
access_token = self.get_access_token(client_id, code) client = self.db.OAuthClient.query.filter(
self.db.OAuthClient.identifier == unicode(client_id)).first()
client_secret = client.secret
access_token = self.get_access_token(client_id, client_secret, code)
callback_url = 'https://foo.example?secrettestmediagoblinparam' callback_url = 'https://foo.example?secrettestmediagoblinparam'
res = self.app.post('/api/submit?client_id={0}&access_token={1}'\ res = self.app.post('/api/submit?client_id={0}&access_token={1}\
.format( &client_secret={2}'.format(
client_id, client_id,
access_token), { access_token,
client_secret), {
'title': 'Test', 'title': 'Test',
'callback_url': callback_url}, 'callback_url': callback_url},
upload_files=[('file', GOOD_PNG)]) upload_files=[('file', GOOD_PNG)])
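Review bot: The submit URL in test_callback is built with a backslash continuation inside the string literal (`...&access_token={1}\` followed by `&client_secret={2}'`), so any indentation on the continuation line would become part of the query string; this rendering drops indentation, so whether that happens here cannot be confirmed from the page. Adjacent literals avoid the ambiguity: `'/api/submit?client_id={0}&access_token={1}' '&client_secret={2}'.format(...)`. It would also be worth adding a case that sends a wrong `client_secret` and asserts the `invalid_client` error, since only the success path is exercised.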


@ -60,7 +60,7 @@ def get_locale_from_request(request):
Figure out what target language is most appropriate based on the Figure out what target language is most appropriate based on the
request request
""" """
request_form = request.GET or request.POST request_form = request.GET or request.form
if request_form.has_key('lang'): if request_form.has_key('lang'):
return locale_to_lower_upper(request_form['lang']) return locale_to_lower_upper(request_form['lang'])


@ -126,7 +126,7 @@ def media_home(request, media, page, **kwargs):
comments = pagination() comments = pagination()
comment_form = user_forms.MediaCommentForm(request.POST) comment_form = user_forms.MediaCommentForm(request.form)
media_template_name = get_media_manager( media_template_name = get_media_manager(
media.media_type)['display_template'] media.media_type)['display_template']
@ -152,7 +152,7 @@ def media_post_comment(request, media):
comment = request.db.MediaComment() comment = request.db.MediaComment()
comment.media_entry = media.id comment.media_entry = media.id
comment.author = request.user.id comment.author = request.user.id
comment.content = unicode(request.POST['comment_content']) comment.content = unicode(request.form['comment_content'])
if not comment.content.strip(): if not comment.content.strip():
messages.add_message( messages.add_message(
@ -180,7 +180,7 @@ def media_post_comment(request, media):
@require_active_login @require_active_login
def media_collect(request, media): def media_collect(request, media):
form = user_forms.MediaCollectForm(request.POST) form = user_forms.MediaCollectForm(request.form)
filt = (request.db.Collection.creator == request.user.id) filt = (request.db.Collection.creator == request.user.id)
form.collection.query = request.db.Collection.query.filter( form.collection.query = request.db.Collection.query.filter(
filt).order_by(request.db.Collection.title) filt).order_by(request.db.Collection.title)
@ -192,15 +192,15 @@ def media_collect(request, media):
collection_item = request.db.CollectionItem() collection_item = request.db.CollectionItem()
# If the user is adding a new collection, use that # If the user is adding a new collection, use that
if request.POST['collection_title']: if request.form['collection_title']:
collection = request.db.Collection() collection = request.db.Collection()
collection.id = ObjectId() collection.id = ObjectId()
collection.title = ( collection.title = (
unicode(request.POST['collection_title'])) unicode(request.form['collection_title']))
collection.description = unicode( collection.description = unicode(
request.POST.get('collection_description')) request.form.get('collection_description'))
collection.creator = request.user._id collection.creator = request.user._id
collection.generate_slug() collection.generate_slug()
@ -225,7 +225,7 @@ def media_collect(request, media):
# Otherwise, use the collection selected from the drop-down # Otherwise, use the collection selected from the drop-down
else: else:
collection = request.db.Collection.find_one({ collection = request.db.Collection.find_one({
'_id': request.POST.get('collection')}) '_id': request.form.get('collection')})
collection_item.collection = collection.id collection_item.collection = collection.id
# Make sure the user actually selected a collection # Make sure the user actually selected a collection
@ -244,7 +244,7 @@ def media_collect(request, media):
else: else:
collection_item.media_entry = media.id collection_item.media_entry = media.id
collection_item.author = request.user.id collection_item.author = request.user.id
collection_item.note = unicode(request.POST['note']) collection_item.note = unicode(request.form['note'])
collection_item.save(validate=True) collection_item.save(validate=True)
collection.items = collection.items + 1 collection.items = collection.items + 1
@ -277,7 +277,7 @@ def media_collect(request, media):
@user_may_delete_media @user_may_delete_media
def media_confirm_delete(request, media): def media_confirm_delete(request, media):
form = user_forms.ConfirmDeleteForm(request.POST) form = user_forms.ConfirmDeleteForm(request.form)
if request.method == 'POST' and form.validate(): if request.method == 'POST' and form.validate():
if form.confirm.data is True: if form.confirm.data is True:
@ -360,7 +360,7 @@ def user_collection(request, page):
@user_may_alter_collection @user_may_alter_collection
def collection_item_confirm_remove(request, collection_item): def collection_item_confirm_remove(request, collection_item):
form = user_forms.ConfirmCollectionItemRemoveForm(request.POST) form = user_forms.ConfirmCollectionItemRemoveForm(request.form)
if request.method == 'POST' and form.validate(): if request.method == 'POST' and form.validate():
username = collection_item.in_collection.get_creator.username username = collection_item.in_collection.get_creator.username
@ -405,7 +405,7 @@ def collection_item_confirm_remove(request, collection_item):
@user_may_alter_collection @user_may_alter_collection
def collection_confirm_delete(request, collection): def collection_confirm_delete(request, collection):
form = user_forms.ConfirmDeleteForm(request.POST) form = user_forms.ConfirmDeleteForm(request.form)
if request.method == 'POST' and form.validate(): if request.method == 'POST' and form.validate():