X-Git-Url: https://git.mdrn.pl/edumed.git/blobdiff_plain/b99b619fb5c4504bc8a21e5c9f92a72d84638836..5d79e48732565dad23a8592eeebc8741972ef5cc:/wtem/views.py

diff --git a/wtem/views.py b/wtem/views.py
index 278ddc3..fbef888 100644
--- a/wtem/views.py
+++ b/wtem/views.py
@@ -4,6 +4,7 @@ from django.shortcuts import render
 from django.utils import simplejson
 from django.conf import settings
 from django.http import Http404, HttpResponseForbidden
+from django.views.decorators.cache import never_cache
 from django.views.decorators.csrf import csrf_exempt
 
 from .models import Submission, DEBUG_KEY, exercises
@@ -17,16 +18,22 @@ def form(request, key):
     return globals()['form_' + WTEM_CONTEST_STAGE](request, key)
     
 def form_before(request, key):
-    return render(request, 'wtem/main_before.html')
+    try:
+        submission = Submission.objects.get(key = key)
+    except:
+        return render(request, 'wtem/key_not_found_before.html')
+    else:
+        return render(request, 'wtem/main_before.html')
 
 def form_after(request, key):
     return render(request, 'wtem/main_after.html')
 
+@never_cache
 @csrf_exempt
 def form_during(request, key):
 
     if WTEM_CONTEST_STAGE != 'during':
-        if request.META['REMOTE_ADDR'] != getattr(settings, 'WTEM_CONTEST_IP_ALLOW', 'xxx'):
+        if request.META['REMOTE_ADDR'] not in getattr(settings, 'WTEM_CONTEST_IP_ALLOW', []):
             return HttpResponseForbidden('Not allowed')
 
     try:
@@ -35,7 +42,7 @@ def form_during(request, key):
         if settings.DEBUG and key == DEBUG_KEY:
             submission = Submission.create(first_name = 'Debug', last_name = 'Debug', email = 'debug@debug.com', key = DEBUG_KEY)
         else:
-            raise Http404
+            return render(request, 'wtem/key_not_found.html')
     if request.method == 'GET':
         return render(request, 'wtem/main.html', dict(exercises = exercises, end_time = submission.end_time))
     elif request.method == 'POST':