author | Florian Dold <florian@dold.me> | 2020-11-09 21:36:34 +0100 |
---|---|---|
committer | Florian Dold <florian@dold.me> | 2020-11-09 21:36:34 +0100 |
commit | a87bd68502667b6ab75a82c44aa36fbb15882941 (patch) | |
tree | 65af494f9cd467c9a79d19e33821279485ca13ac /talerbank/app/views.py | |
parent | f9446c7338898a1d6cb9e4947e4e4e48afcdec47 (diff) | |
pretty printer
Diffstat (limited to 'talerbank/app/views.py')
-rw-r--r-- | talerbank/app/views.py | 131 |
1 files changed, 91 insertions, 40 deletions
diff --git a/talerbank/app/views.py b/talerbank/app/views.py
index 004d200..fc1eb54 100644
--- a/talerbank/app/views.py
+++ b/talerbank/app/views.py
@@ -87,15 +87,19 @@ def login_via_headers(view_func):
 if not user_account:
 raise LoginFailed("authentication failed")
 return view_func(request, user_account, *args, **kwargs)
+
 return wraps(view_func)(_decorator)
+
 def allow_origin_star(view_func):
 def _decorator(request, *args, **kwargs):
 response = view_func(request, *args, **kwargs)
 response["Access-Control-Allow-Origin"] = "*"
 return response
+
 return wraps(view_func)(_decorator)
+
 class PaytoParse:
 def __init__(self, payto_uri):
 parsed_payto = urlparse(payto_uri)
@@ -235,6 +239,7 @@ def get_session_hint(request):
 del request.session["hint"]
 return ret
+
 def set_session_hint(request, success, hint):
 if "hint" in request.session:
 LOGGER.warning("Overriding a non consumed hint")
@@ -298,6 +303,7 @@ class InputDatalist(forms.TextInput):
 datalist += "</datalist>"
 return html + datalist
+
 class PaytoTransferForm(forms.Form):
 address = forms.CharField()
@@ -309,6 +315,7 @@ def payto_form(request):
 )
 return render(request, "payto_wiretransfer.html", context)
+
 ##
 # This method serves the profile page, which is the main
 # page where the user interacts with the bank, and also the
@@ -346,16 +353,13 @@ def profile_page(request):
 response.status_code = HTTPStatus.ACCEPTED
 return response
+
 @login_required
 @require_POST
 def payto_transfer(request):
 data = PaytoTransferForm(request.POST)
 if not data.is_valid():
- set_session_hint(
- request,
- success=False,
- hint=gettext("Bad form submitted!")
- )
+ set_session_hint(request, success=False, hint=gettext("Bad form submitted!"))
 return redirect("profile")
 parsed_address = PaytoParse(data.cleaned_data.get("address"))
@@ -363,15 +367,12 @@ def payto_transfer(request):
 parsed_address.amount,
 BankAccount.objects.get(user=request.user),
 BankAccount.objects.get(account_no=parsed_address.account),
- parsed_address.subject
- )
- set_session_hint(
- request,
- success=True,
- hint=gettext("Wire transfer successful!")
+ parsed_address.subject,
 )
+ set_session_hint(request, success=True, hint=gettext("Wire transfer successful!"))
 return redirect("profile")
+
 ##
 # Helper function that hashes its input. Usually
 # used to hash the response to the math CAPTCHA.
@@ -465,15 +466,19 @@ def register_headless(request):
 registering a user.
 """
 if not settings.ALLOW_REGISTRATIONS:
- return JsonResponse(dict(error="registrations are not allowed"), status=HTTPStatus.FORBIDDEN)
+ return JsonResponse(
+ dict(error="registrations are not allowed"), status=HTTPStatus.FORBIDDEN
+ )
 username = expect_json_body_str(request, "username")
 password = expect_json_body_str(request, "password")
 try:
 internal_register(username, password)
 except UsernameUnavailable:
- return JsonResponse(dict(hint="username unavailable"), status=HTTPStatus.CONFLICT)
+ return JsonResponse(
+ dict(hint="username unavailable"), status=HTTPStatus.CONFLICT
+ )
 except InvalidInputData:
- return HttpResponse(status=HTTPStatus.NOT_ACCEPTABLE) # WTF? BAD REQUEST?
+ return HttpResponse(status=HTTPStatus.NOT_ACCEPTABLE) # WTF? BAD REQUEST?
 return HttpResponse(status=HTTPStatus.OK)
@@ -487,7 +492,9 @@ def register(request):
 """
 if not settings.ALLOW_REGISTRATIONS:
 # FIXME: shouldn't be JSON!
- return JsonResponse(dict(error="registrations are not allowed"), status=HTTPStatus.FORBIDDEN)
+ return JsonResponse(
+ dict(error="registrations are not allowed"), status=HTTPStatus.FORBIDDEN
+ )
 if request.method != "POST":
 return render(request, "register.html")
@@ -520,9 +527,7 @@ def register(request):
 {"wrong": True, "hint": "Out of business, cannot admit new customers."},
 )
- set_session_hint(
- request, success=True, hint=gettext("Registration successful!")
- )
+ set_session_hint(request, success=True, hint=gettext("Registration successful!"))
 django.contrib.auth.login(request, user)
 return redirect("profile")
@@ -646,12 +651,15 @@ def serve_public_accounts(request, name=None, page=None):
 forth=page + 1 if page < num_pages else None,
 public_accounts=public_accounts,
 selected_account=dict(
- name=name, number=user.bankaccount.account_no, history=history,
+ name=name,
+ number=user.bankaccount.account_no,
+ history=history,
 ),
 pages=pages,
 )
 return render(request, "public_accounts.html", context)
+
 ##
 # Build the DB query switch based on the "direction" history
 # argument given by the user.
@@ -859,7 +867,12 @@ def twg_add_incoming(request, user_account, acct_id):
 debit_account = BankAccount.objects.get(user=debit_user)
 subject = f"{reserve_pub}"
- wtrans = wire_transfer(amount, debit_account, exchange_account, subject,)
+ wtrans = wire_transfer(
+ amount,
+ debit_account,
+ exchange_account,
+ subject,
+ )
 return JsonResponse(
 {
@@ -898,8 +911,11 @@ def twg_transfer(request, user_account, acct_id):
 LOGGER.error(f"credit account '{credit_account_name}' does not exist")
 # FIXME: use EC from taler-util library
 return JsonResponse(
- dict(code=ErrorCode.BANK_UNKNOWN_ACCOUNT,
- error="credit account does not exist"), status=404
+ dict(
+ code=ErrorCode.BANK_UNKNOWN_ACCOUNT,
+ error="credit account does not exist",
+ ),
+ status=404,
 )
 credit_account = BankAccount.objects.get(user=credit_user)
@@ -947,7 +963,12 @@ def twg_history_incoming(request, user_account, acct_id):
 start = None
 else:
 start = int(start_str)
- qs = query_history(user_account.bankaccount, "credit", delta, start,)
+ qs = query_history(
+ user_account.bankaccount,
+ "credit",
+ delta,
+ start,
+ )
 for item in qs:
 rp = get_reserve_pub(item.subject)
 if rp is None:
@@ -975,7 +996,12 @@ def twg_history_outgoing(request, user_account, acct_id):
 start = None
 else:
 start = int(start_str)
- qs = query_history(user_account.bankaccount, "debit", delta, start,)
+ qs = query_history(
+ user_account.bankaccount,
+ "debit",
+ delta,
+ start,
+ )
 for item in qs:
 # FIXME: proper parsing, more structure in subject
 wtid, exchange_base_url = item.subject.split(" ")
@@ -1045,13 +1071,16 @@ def withdraw_headless(request, user):
 exchange_payto = data.get("exchange_payto_uri")
 if not exchange_payto:
- return JsonResponse(dict(hint="exchange_payto_uri missig"), status=HTTPStatus.BAD_REQUEST)
+ return JsonResponse(
+ dict(hint="exchange_payto_uri missig"), status=HTTPStatus.BAD_REQUEST
+ )
 exchange_account_name = get_acct_from_payto(exchange_payto)
 try:
 exchange_user = User.objects.get(username=exchange_account_name)
 except User.DoesNotExist:
 return JsonResponse(
- dict(hint="exchange bank account does not exist"), status=HTTPStatus.NOT_FOUND
+ dict(hint="exchange bank account does not exist"),
+ status=HTTPStatus.NOT_FOUND,
 )
 exchange_bankaccount = exchange_user.bankaccount
 wire_transfer(
@@ -1074,7 +1103,9 @@ def api_withdraw_operation(request, withdraw_id):
 try:
 op = TalerWithdrawOperation.objects.get(withdraw_id=withdraw_id)
 except ObjectDoesNotExist:
- return JsonResponse(dict(error="withdraw operation does not exist"), status=HTTPStatus.NOT_FOUND)
+ return JsonResponse(
+ dict(error="withdraw operation does not exist"), status=HTTPStatus.NOT_FOUND
+ )
 if request.method == "POST":
 data = json.loads(decode_body(request))
@@ -1082,18 +1113,27 @@ def api_withdraw_operation(request, withdraw_id):
 try:
 exchange_account_name = get_acct_from_payto(exchange_payto_uri)
 except:
- return JsonResponse(dict(error="exchange payto URI malformed"), status=HTTPStatus.BAD_REQUEST)
+ return JsonResponse(
+ dict(error="exchange payto URI malformed"),
+ status=HTTPStatus.BAD_REQUEST,
+ )
 try:
 exchange_user = User.objects.get(username=exchange_account_name)
 except User.DoesNotExist:
 return JsonResponse(
- dict(code=ErrorCode.BANK_UNKNOWN_ACCOUNT,
- hint="bank account in payto URI unknown"), status=HTTPStatus.BAD_REQUEST # WTF? NOT_FOUND?
+ dict(
+ code=ErrorCode.BANK_UNKNOWN_ACCOUNT,
+ hint="bank account in payto URI unknown",
+ ),
+ status=HTTPStatus.BAD_REQUEST, # WTF? NOT_FOUND?
 )
 exchange_account = exchange_user.bankaccount
 selected_reserve_pub = data.get("reserve_pub")
 if not isinstance(selected_reserve_pub, str):
- return JsonResponse(dict(error="reserve_pub must be a string"), status=HTTPStatus.BAD_REQUEST)
+ return JsonResponse(
+ dict(error="reserve_pub must be a string"),
+ status=HTTPStatus.BAD_REQUEST,
+ )
 if op.selection_done:
 if (
 op.selected_exchange_account != exchange_account
@@ -1102,7 +1142,7 @@ def api_withdraw_operation(request, withdraw_id):
 return JsonResponse(
 dict(
 code=ErrorCode.BANK_WITHDRAWAL_OPERATION_RESERVE_SELECTION_CONFLICT,
- hint="selection of withdraw parameters already done"
+ hint="selection of withdraw parameters already done",
 ),
 status=HTTPStatus.CONFLICT,
 )
@@ -1145,7 +1185,10 @@ def api_withdraw_operation(request, withdraw_id):
 )
 )
 else:
- return JsonResponse(dict(error="only GET and POST are allowed"), status=HTTPStatus.METHOD_NOT_ALLOWED)
+ return JsonResponse(
+ dict(error="only GET and POST are allowed"),
+ status=HTTPStatus.METHOD_NOT_ALLOWED,
+ )
 @login_required
@@ -1216,7 +1259,9 @@ def confirm_withdrawal(request, withdraw_id):
 type(hashed_attempt),
 type(request.POST.get("pin_1")),
 )
- set_session_hint(request, success=False, hint=gettext("Wrong CAPTCHA answer."))
+ set_session_hint(
+ request, success=False, hint=gettext("Wrong CAPTCHA answer.")
+ )
 return redirect("withdraw-confirm", withdraw_id=withdraw_id)
 op.confirmation_done = True
 op.save()
@@ -1226,9 +1271,7 @@ def confirm_withdrawal(request, withdraw_id):
 op.selected_exchange_account,
 op.selected_reserve_pub,
 )
- set_session_hint(
- request, success=True, hint=gettext("Withdrawal successful!")
- )
+ set_session_hint(request, success=True, hint=gettext("Withdrawal successful!"))
 request.session["just_withdrawn"] = True
 return redirect("profile")
@@ -1243,7 +1286,7 @@ def confirm_withdrawal(request, withdraw_id):
 amount=op.amount.stringify(settings.TALER_DIGITS),
 exchange=op.selected_exchange_account.user,
 is_success=is_success,
- hint=hint
+ hint=hint,
 )
 return render(request, "withdraw_confirm.html", context)
 raise Exception("not reached")
@@ -1402,6 +1445,7 @@ def bank_accounts_api_get_withdrawal(request, user, acct_id, wid):
 }
 )
+
 def withdraw_abort_internal(wid):
 op = TalerWithdrawOperation.objects.get(withdraw_id=wid)
 if op.confirmation_done:
@@ -1415,7 +1459,11 @@ def withdraw_abort_internal(wid):
 @login_required
 def abort_withdrawal(request, withdraw_id):
 internal_status = withdraw_abort_internal(withdraw_id)
- set_session_hint(request, success=internal_status["status"] == HTTPStatus.OK, hint=internal_status["hint"])
+ set_session_hint(
+ request,
+ success=internal_status["status"] == HTTPStatus.OK,
+ hint=internal_status["hint"],
+ )
 return redirect("profile")
@@ -1434,6 +1482,7 @@ def bank_accounts_api_abort_withdrawal(request, user, acct_id, wid):
 dict(hint=internal_status["hint"]), status=internal_status["status"]
 )
+
 @csrf_exempt
 @require_POST
 @login_via_headers
@@ -1448,7 +1497,9 @@ def bank_accounts_api_confirm_withdrawal(request, user, acct_id, wid):
 if op.confirmation_done:
 return JsonResponse(dict(), status=HTTPStatus.OK)
 if op.aborted:
- return JsonResponse(dict(hint="can't confirm aborted withdrawal"), status=HTTPStatus.CONFLICT)
+ return JsonResponse(
+ dict(hint="can't confirm aborted withdrawal"), status=HTTPStatus.CONFLICT
+ )
 with transaction.atomic():
 if op.selection_done: |