authorFlorian Dold <florian@dold.me>2020-11-09 21:36:34 +0100
committerFlorian Dold <florian@dold.me>2020-11-09 21:36:34 +0100
commita87bd68502667b6ab75a82c44aa36fbb15882941 (patch)
tree65af494f9cd467c9a79d19e33821279485ca13ac /talerbank/app/views.py
parentf9446c7338898a1d6cb9e4947e4e4e48afcdec47 (diff)
pretty printer
Diffstat (limited to 'talerbank/app/views.py')
-rw-r--r--talerbank/app/views.py131
1 files changed, 91 insertions, 40 deletions
diff --git a/talerbank/app/views.py b/talerbank/app/views.py
index 004d200..fc1eb54 100644
--- a/talerbank/app/views.py
+++ b/talerbank/app/views.py
@@ -87,15 +87,19 @@ def login_via_headers(view_func):
if not user_account:
raise LoginFailed("authentication failed")
return view_func(request, user_account, *args, **kwargs)
+
return wraps(view_func)(_decorator)
+
def allow_origin_star(view_func):
def _decorator(request, *args, **kwargs):
response = view_func(request, *args, **kwargs)
response["Access-Control-Allow-Origin"] = "*"
return response
+
return wraps(view_func)(_decorator)
+
class PaytoParse:
def __init__(self, payto_uri):
parsed_payto = urlparse(payto_uri)
@@ -235,6 +239,7 @@ def get_session_hint(request):
del request.session["hint"]
return ret
+
def set_session_hint(request, success, hint):
if "hint" in request.session:
LOGGER.warning("Overriding a non consumed hint")
@@ -298,6 +303,7 @@ class InputDatalist(forms.TextInput):
datalist += "</datalist>"
return html + datalist
+
class PaytoTransferForm(forms.Form):
address = forms.CharField()
@@ -309,6 +315,7 @@ def payto_form(request):
)
return render(request, "payto_wiretransfer.html", context)
+
##
# This method serves the profile page, which is the main
# page where the user interacts with the bank, and also the
@@ -346,16 +353,13 @@ def profile_page(request):
response.status_code = HTTPStatus.ACCEPTED
return response
+
@login_required
@require_POST
def payto_transfer(request):
data = PaytoTransferForm(request.POST)
if not data.is_valid():
- set_session_hint(
- request,
- success=False,
- hint=gettext("Bad form submitted!")
- )
+ set_session_hint(request, success=False, hint=gettext("Bad form submitted!"))
return redirect("profile")
parsed_address = PaytoParse(data.cleaned_data.get("address"))
@@ -363,15 +367,12 @@ def payto_transfer(request):
parsed_address.amount,
BankAccount.objects.get(user=request.user),
BankAccount.objects.get(account_no=parsed_address.account),
- parsed_address.subject
- )
- set_session_hint(
- request,
- success=True,
- hint=gettext("Wire transfer successful!")
+ parsed_address.subject,
)
+ set_session_hint(request, success=True, hint=gettext("Wire transfer successful!"))
return redirect("profile")
+
##
# Helper function that hashes its input. Usually
# used to hash the response to the math CAPTCHA.
@@ -465,15 +466,19 @@ def register_headless(request):
registering a user.
"""
if not settings.ALLOW_REGISTRATIONS:
- return JsonResponse(dict(error="registrations are not allowed"), status=HTTPStatus.FORBIDDEN)
+ return JsonResponse(
+ dict(error="registrations are not allowed"), status=HTTPStatus.FORBIDDEN
+ )
username = expect_json_body_str(request, "username")
password = expect_json_body_str(request, "password")
try:
internal_register(username, password)
except UsernameUnavailable:
- return JsonResponse(dict(hint="username unavailable"), status=HTTPStatus.CONFLICT)
+ return JsonResponse(
+ dict(hint="username unavailable"), status=HTTPStatus.CONFLICT
+ )
except InvalidInputData:
- return HttpResponse(status=HTTPStatus.NOT_ACCEPTABLE) # WTF? BAD REQUEST?
+ return HttpResponse(status=HTTPStatus.NOT_ACCEPTABLE) # WTF? BAD REQUEST?
return HttpResponse(status=HTTPStatus.OK)
@@ -487,7 +492,9 @@ def register(request):
"""
if not settings.ALLOW_REGISTRATIONS:
# FIXME: shouldn't be JSON!
- return JsonResponse(dict(error="registrations are not allowed"), status=HTTPStatus.FORBIDDEN)
+ return JsonResponse(
+ dict(error="registrations are not allowed"), status=HTTPStatus.FORBIDDEN
+ )
if request.method != "POST":
return render(request, "register.html")
@@ -520,9 +527,7 @@ def register(request):
{"wrong": True, "hint": "Out of business, cannot admit new customers."},
)
- set_session_hint(
- request, success=True, hint=gettext("Registration successful!")
- )
+ set_session_hint(request, success=True, hint=gettext("Registration successful!"))
django.contrib.auth.login(request, user)
return redirect("profile")
@@ -646,12 +651,15 @@ def serve_public_accounts(request, name=None, page=None):
forth=page + 1 if page < num_pages else None,
public_accounts=public_accounts,
selected_account=dict(
- name=name, number=user.bankaccount.account_no, history=history,
+ name=name,
+ number=user.bankaccount.account_no,
+ history=history,
),
pages=pages,
)
return render(request, "public_accounts.html", context)
+
##
# Build the DB query switch based on the "direction" history
# argument given by the user.
@@ -859,7 +867,12 @@ def twg_add_incoming(request, user_account, acct_id):
debit_account = BankAccount.objects.get(user=debit_user)
subject = f"{reserve_pub}"
- wtrans = wire_transfer(amount, debit_account, exchange_account, subject,)
+ wtrans = wire_transfer(
+ amount,
+ debit_account,
+ exchange_account,
+ subject,
+ )
return JsonResponse(
{
@@ -898,8 +911,11 @@ def twg_transfer(request, user_account, acct_id):
LOGGER.error(f"credit account '{credit_account_name}' does not exist")
# FIXME: use EC from taler-util library
return JsonResponse(
- dict(code=ErrorCode.BANK_UNKNOWN_ACCOUNT,
- error="credit account does not exist"), status=404
+ dict(
+ code=ErrorCode.BANK_UNKNOWN_ACCOUNT,
+ error="credit account does not exist",
+ ),
+ status=404,
)
credit_account = BankAccount.objects.get(user=credit_user)
@@ -947,7 +963,12 @@ def twg_history_incoming(request, user_account, acct_id):
start = None
else:
start = int(start_str)
- qs = query_history(user_account.bankaccount, "credit", delta, start,)
+ qs = query_history(
+ user_account.bankaccount,
+ "credit",
+ delta,
+ start,
+ )
for item in qs:
rp = get_reserve_pub(item.subject)
if rp is None:
@@ -975,7 +996,12 @@ def twg_history_outgoing(request, user_account, acct_id):
start = None
else:
start = int(start_str)
- qs = query_history(user_account.bankaccount, "debit", delta, start,)
+ qs = query_history(
+ user_account.bankaccount,
+ "debit",
+ delta,
+ start,
+ )
for item in qs:
# FIXME: proper parsing, more structure in subject
wtid, exchange_base_url = item.subject.split(" ")
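Review bot: `wtid, exchange_base_url = item.subject.split(" ")` raises ValueError for any debit row whose subject does not contain exactly one space, so a single unexpected subject makes the whole outgoing-history response fail unless the exception is handled somewhere outside this hunk. The incoming-history loop tests `if rp is None:` after parsing and appears to tolerate rows it cannot interpret; the same tolerance fits here, for example `parts = item.subject.split(" ")` followed by `if len(parts) != 2: continue` before unpacking. `int(start_str)` a few lines up has the same shape for a non-numeric query value and would be better answered with a 400. The body of twg_history_outgoing starts and ends outside the hunk.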
@@ -1045,13 +1071,16 @@ def withdraw_headless(request, user):
exchange_payto = data.get("exchange_payto_uri")
if not exchange_payto:
- return JsonResponse(dict(hint="exchange_payto_uri missig"), status=HTTPStatus.BAD_REQUEST)
+ return JsonResponse(
+ dict(hint="exchange_payto_uri missig"), status=HTTPStatus.BAD_REQUEST
+ )
exchange_account_name = get_acct_from_payto(exchange_payto)
try:
exchange_user = User.objects.get(username=exchange_account_name)
except User.DoesNotExist:
return JsonResponse(
- dict(hint="exchange bank account does not exist"), status=HTTPStatus.NOT_FOUND
+ dict(hint="exchange bank account does not exist"),
+ status=HTTPStatus.NOT_FOUND,
)
exchange_bankaccount = exchange_user.bankaccount
wire_transfer(
@@ -1074,7 +1103,9 @@ def api_withdraw_operation(request, withdraw_id):
try:
op = TalerWithdrawOperation.objects.get(withdraw_id=withdraw_id)
except ObjectDoesNotExist:
- return JsonResponse(dict(error="withdraw operation does not exist"), status=HTTPStatus.NOT_FOUND)
+ return JsonResponse(
+ dict(error="withdraw operation does not exist"), status=HTTPStatus.NOT_FOUND
+ )
if request.method == "POST":
data = json.loads(decode_body(request))
@@ -1082,18 +1113,27 @@ def api_withdraw_operation(request, withdraw_id):
try:
exchange_account_name = get_acct_from_payto(exchange_payto_uri)
except:
- return JsonResponse(dict(error="exchange payto URI malformed"), status=HTTPStatus.BAD_REQUEST)
+ return JsonResponse(
+ dict(error="exchange payto URI malformed"),
+ status=HTTPStatus.BAD_REQUEST,
+ )
try:
exchange_user = User.objects.get(username=exchange_account_name)
except User.DoesNotExist:
return JsonResponse(
- dict(code=ErrorCode.BANK_UNKNOWN_ACCOUNT,
- hint="bank account in payto URI unknown"), status=HTTPStatus.BAD_REQUEST # WTF? NOT_FOUND?
+ dict(
+ code=ErrorCode.BANK_UNKNOWN_ACCOUNT,
+ hint="bank account in payto URI unknown",
+ ),
+ status=HTTPStatus.BAD_REQUEST, # WTF? NOT_FOUND?
)
exchange_account = exchange_user.bankaccount
selected_reserve_pub = data.get("reserve_pub")
if not isinstance(selected_reserve_pub, str):
- return JsonResponse(dict(error="reserve_pub must be a string"), status=HTTPStatus.BAD_REQUEST)
+ return JsonResponse(
+ dict(error="reserve_pub must be a string"),
+ status=HTTPStatus.BAD_REQUEST,
+ )
if op.selection_done:
if (
op.selected_exchange_account != exchange_account
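Review bot: The re-wrapped "exchange payto URI malformed" response still sits under a bare `except:`, which also catches `KeyboardInterrupt` and `SystemExit` and reports any bug inside `get_acct_from_payto` as a client error with status 400. Narrow the handler to the exception that helper raises for bad input (its definition is not visible here), or at minimum use `except Exception:`, and log the caught error so a server-side fault is not hidden behind a BAD_REQUEST. The body of api_withdraw_operation starts and ends outside the hunk.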
@@ -1102,7 +1142,7 @@ def api_withdraw_operation(request, withdraw_id):
return JsonResponse(
dict(
code=ErrorCode.BANK_WITHDRAWAL_OPERATION_RESERVE_SELECTION_CONFLICT,
- hint="selection of withdraw parameters already done"
+ hint="selection of withdraw parameters already done",
),
status=HTTPStatus.CONFLICT,
)
@@ -1145,7 +1185,10 @@ def api_withdraw_operation(request, withdraw_id):
)
)
else:
- return JsonResponse(dict(error="only GET and POST are allowed"), status=HTTPStatus.METHOD_NOT_ALLOWED)
+ return JsonResponse(
+ dict(error="only GET and POST are allowed"),
+ status=HTTPStatus.METHOD_NOT_ALLOWED,
+ )
@login_required
@@ -1216,7 +1259,9 @@ def confirm_withdrawal(request, withdraw_id):
type(hashed_attempt),
type(request.POST.get("pin_1")),
)
- set_session_hint(request, success=False, hint=gettext("Wrong CAPTCHA answer."))
+ set_session_hint(
+ request, success=False, hint=gettext("Wrong CAPTCHA answer.")
+ )
return redirect("withdraw-confirm", withdraw_id=withdraw_id)
op.confirmation_done = True
op.save()
@@ -1226,9 +1271,7 @@ def confirm_withdrawal(request, withdraw_id):
op.selected_exchange_account,
op.selected_reserve_pub,
)
- set_session_hint(
- request, success=True, hint=gettext("Withdrawal successful!")
- )
+ set_session_hint(request, success=True, hint=gettext("Withdrawal successful!"))
request.session["just_withdrawn"] = True
return redirect("profile")
@@ -1243,7 +1286,7 @@ def confirm_withdrawal(request, withdraw_id):
amount=op.amount.stringify(settings.TALER_DIGITS),
exchange=op.selected_exchange_account.user,
is_success=is_success,
- hint=hint
+ hint=hint,
)
return render(request, "withdraw_confirm.html", context)
raise Exception("not reached")
@@ -1402,6 +1445,7 @@ def bank_accounts_api_get_withdrawal(request, user, acct_id, wid):
}
)
+
def withdraw_abort_internal(wid):
op = TalerWithdrawOperation.objects.get(withdraw_id=wid)
if op.confirmation_done:
@@ -1415,7 +1459,11 @@ def withdraw_abort_internal(wid):
@login_required
def abort_withdrawal(request, withdraw_id):
internal_status = withdraw_abort_internal(withdraw_id)
- set_session_hint(request, success=internal_status["status"] == HTTPStatus.OK, hint=internal_status["hint"])
+ set_session_hint(
+ request,
+ success=internal_status["status"] == HTTPStatus.OK,
+ hint=internal_status["hint"],
+ )
return redirect("profile")
@@ -1434,6 +1482,7 @@ def bank_accounts_api_abort_withdrawal(request, user, acct_id, wid):
dict(hint=internal_status["hint"]), status=internal_status["status"]
)
+
@csrf_exempt
@require_POST
@login_via_headers
@@ -1448,7 +1497,9 @@ def bank_accounts_api_confirm_withdrawal(request, user, acct_id, wid):
if op.confirmation_done:
return JsonResponse(dict(), status=HTTPStatus.OK)
if op.aborted:
- return JsonResponse(dict(hint="can't confirm aborted withdrawal"), status=HTTPStatus.CONFLICT)
+ return JsonResponse(
+ dict(hint="can't confirm aborted withdrawal"), status=HTTPStatus.CONFLICT
+ )
with transaction.atomic():
if op.selection_done: