From b74fa4eb15c62d11fe0fa2b1015571c90681dd86 Mon Sep 17 00:00:00 2001 From: Radek Czajka Date: Thu, 21 Feb 2019 16:30:44 +0100 Subject: [PATCH] Auth+cache fixess --- src/api/utils.py | 5 +++++ src/api/views.py | 6 +++++- src/catalogue/api/views.py | 8 ++++++++ src/search/fields.py | 1 + src/social/api/views.py | 3 +++ 5 files changed, 22 insertions(+), 1 deletion(-) diff --git a/src/api/utils.py b/src/api/utils.py index 6dc7e4505..045ce90e9 100644 --- a/src/api/utils.py +++ b/src/api/utils.py @@ -3,7 +3,9 @@ # Copyright © Fundacja Nowoczesna Polska. See NOTICE for more information. # from django.http import HttpResponse +from django.utils.decorators import method_decorator from django.utils.encoding import iri_to_uri +from django.views.decorators.vary import vary_on_headers def oauthlib_request(request): @@ -31,3 +33,6 @@ def oauthlib_response((headers, body, status)): v = iri_to_uri(v) response[k] = v return response + + +vary_on_auth = method_decorator(vary_on_headers('Authorization'), 'dispatch') diff --git a/src/api/views.py b/src/api/views.py index 66c9258e8..f28a4e4e1 100644 --- a/src/api/views.py +++ b/src/api/views.py @@ -16,7 +16,7 @@ from catalogue.models import Book from .models import BookUserData from . import serializers from .request_validator import PistonRequestValidator -from .utils import oauthlib_request, oauthlib_response +from .utils import oauthlib_request, oauthlib_response, vary_on_auth class OAuth1RequestTokenEndpoint(RequestTokenEndpoint): @@ -35,6 +35,7 @@ class OAuth1RequestTokenEndpoint(RequestTokenEndpoint): return urlencode(token.items()) +# Never Cache class OAuth1RequestTokenView(View): def __init__(self): self.endpoint = OAuth1RequestTokenEndpoint(PistonRequestValidator()) @@ -66,6 +67,7 @@ class OAuth1AccessTokenEndpoint(AccessTokenEndpoint): return urlencode(token.items()) +# Never cache class OAuth1AccessTokenView(View): def __init__(self): self.endpoint = OAuth1AccessTokenEndpoint(PistonRequestValidator()) 
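Review bot: `vary_on_auth`, added at the end of src/api/utils.py, keys cached responses on the `Authorization` header only, and nothing next to the assignment says so. If the API also authenticates through the session cookie (for example DRF's SessionAuthentication, which this patch does not show), two cookie-authenticated users send no `Authorization` header and would share one cache entry. `vary_on_headers('Authorization', 'Cookie')` would cover both cases. `Vary` also only protects users when every cache in front of the application honours it. I would add a comment above the assignment such as `# Class decorator: adds "Vary: Authorization" in dispatch() so caches keep a separate copy per credential.`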
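Review bot: The `# Never Cache` comment above `OAuth1RequestTokenView` records an intent that nothing in the hunk enforces, and the same goes for `# Never cache` above `OAuth1AccessTokenView` in the following hunk. Both views appear to return token credentials (their endpoints end in `return urlencode(token.items())`), so the responses should carry explicit no-cache headers rather than rely on the caching layer happening to skip them. `@method_decorator(never_cache, 'dispatch')`, with `never_cache` imported from `django.views.decorators.cache`, would turn the comment into behaviour. Both class bodies continue outside the hunks, so the HTTP methods they serve are not visible here.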
@@ -78,6 +80,7 @@ class OAuth1AccessTokenView(View): ) +@vary_on_auth class UserView(RetrieveAPIView): permission_classes = [IsAuthenticated] serializer_class = serializers.UserSerializer @@ -86,6 +89,7 @@ class UserView(RetrieveAPIView): return self.request.user +@vary_on_auth class BookUserDataView(RetrieveAPIView): permission_classes = [IsAuthenticated] serializer_class = serializers.BookUserDataSerializer diff --git a/src/catalogue/api/views.py b/src/catalogue/api/views.py index ee345ba68..4e2d4f902 100644 --- a/src/catalogue/api/views.py +++ b/src/catalogue/api/views.py @@ -10,6 +10,7 @@ from rest_framework.response import Response from rest_framework import status from paypal.permissions import IsSubscribed from api.handlers import read_tags +from api.utils import vary_on_auth from .helpers import books_after, order_books from . import serializers from catalogue.forms import BookImportForm @@ -26,12 +27,14 @@ class CollectionList(ListAPIView): serializer_class = serializers.CollectionListSerializer +@vary_on_auth # Because of 'liked'. class CollectionDetail(RetrieveAPIView): queryset = Collection.objects.all() lookup_field = 'slug' serializer_class = serializers.CollectionSerializer +@vary_on_auth # Because of 'liked'. class BookList(ListAPIView): permission_classes = [DjangoModelPermissionsOrAnonReadOnly] queryset = Book.objects.none() # Required for DjangoModelPermissions @@ -97,6 +100,7 @@ class BookList(ListAPIView): raise Http404 +@vary_on_auth # Because of 'liked'. class BookDetail(RetrieveAPIView): queryset = Book.objects.all() lookup_field = 'slug' @@ -107,11 +111,13 @@ class EbookList(BookList): serializer_class = serializers.EbookSerializer +@vary_on_auth # Because of 'liked'. class Preview(ListAPIView): queryset = Book.objects.filter(preview=True) serializer_class = serializers.BookPreviewSerializer +@vary_on_auth # Because of 'liked'. class FilterBookList(ListAPIView): serializer_class = serializers.FilterBookListSerializer 
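Review bot: `UserView` requires `IsAuthenticated`, so every response is specific to one user, yet `@vary_on_auth` only asks caches to key the stored copy on `Authorization` rather than telling them not to store it. The same holds for `BookUserDataView` in the next hunk and for `LikeView` and `ShelfView` in src/social/api/views.py. For these four, `@method_decorator(never_cache, 'dispatch')` is the safer default, because a shared cache that ignores `Vary` would then still not replay one user's data to another. With OAuth1 signing the header value presumably changes on every request, so a stored copy would rarely be reused anyway.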
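Review bot: `@vary_on_auth  # Because of 'liked'.` is applied class by class, so cache separation depends on someone remembering every view whose serializer emits a per-user field. `CollectionList`, just above `CollectionDetail`, stays undecorated, which is correct only if `CollectionListSerializer` never includes `liked` (not visible here). The later hunks repeat the pattern on `BookDetail`, `Preview`, `FilterBookList`, `FragmentList` and `FragmentView`. A regression test that requests each API route with and without credentials, and asserts that `Vary` lists `Authorization` wherever the two bodies differ, would catch a missed view. Setting the header once in a shared base view or middleware would remove the opt-in altogether.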
@@ -224,6 +230,7 @@ class TagView(RetrieveAPIView): ) +@vary_on_auth # Because of 'liked'. class FragmentList(ListAPIView): serializer_class = serializers.FragmentSerializer @@ -239,6 +246,7 @@ class FragmentList(ListAPIView): return Fragment.tagged.with_all(tags).select_related('book') +@vary_on_auth # Because of 'liked'. class FragmentView(RetrieveAPIView): serializer_class = serializers.FragmentDetailSerializer diff --git a/src/search/fields.py b/src/search/fields.py index 9572fa3ae..e2cfb5463 100755 --- a/src/search/fields.py +++ b/src/search/fields.py @@ -19,6 +19,7 @@ class JQueryAutoCompleteWidget(forms.TextInput): def render(self, name, value=None, attrs=None): final_attrs = self.build_attrs(self.attrs, attrs) + final_attrs["name"] = name if value: final_attrs['value'] = smart_unicode(value) diff --git a/src/social/api/views.py b/src/social/api/views.py index 555fd8433..1be521044 100644 --- a/src/social/api/views.py +++ b/src/social/api/views.py @@ -8,12 +8,14 @@ from rest_framework.permissions import IsAuthenticated from rest_framework.response import Response from rest_framework.views import APIView from api.models import BookUserData +from api.utils import vary_on_auth from catalogue.api.helpers import order_books, books_after from catalogue.api.serializers import BookSerializer from catalogue.models import Book from social.utils import likes +@vary_on_auth class LikeView(APIView): permission_classes = [IsAuthenticated] @@ -31,6 +33,7 @@ class LikeView(APIView): return Response({}) +@vary_on_auth class ShelfView(ListAPIView): permission_classes = [IsAuthenticated] serializer_class = BookSerializer -- 2.20.1
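Review bot: The added `final_attrs["name"] = name` in `JQueryAutoCompleteWidget.render` uses double quotes while the next line writes `final_attrs['value']`; `final_attrs['name'] = name` keeps the method consistent. `render` continues outside the hunk, so it is not visible how `final_attrs` reaches the markup. If it is not already passed through `flatatt`, the `name` and `value` attributes need escaping before they are interpolated into HTML.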