use a dedicated subpath for token based invitation

this remove the need for the regex route converter. Nice.
2025-05-05 20:51:49 +02:00 · 2021-10-10 22:49:04 +02:00 · 2021-10-10 22:49:04 +02:00 · 4adf32360a
commit 4adf32360a
parent 044638d268
5 changed files with 4 additions and 14 deletions
--- a/ihatemoney/run.py
+++ b/ihatemoney/run.py
@ -19,7 +19,6 @@ from ihatemoney.models import db
 from ihatemoney.utils import (
    IhmJSONEncoder,
    PrefixedWSGI,
-    RegexConverter,
    em_surround,
    locale_from_iso,
    localize_list,
@ -127,8 +126,6 @@ def create_app(
        instance_relative_config=instance_relative_config,
    )

-    app.url_map.converters["regex"] = RegexConverter
-
    # If a configuration object is passed, use it. Otherwise try to find one.
    load_configuration(app, configuration)
    app.wsgi_app = PrefixedWSGI(app)
--- a/ihatemoney/tests/api_test.py
+++ b/ihatemoney/tests/api_test.py
@ -213,7 +213,7 @@ class APITestCase(IhatemoneyTestCase):
            "/api/projects/raclette/token", headers=self.get_auth("raclette")
        )
        decoded_resp = json.loads(resp.data.decode("utf-8"))
-        resp = self.client.get(f"/raclette/{decoded_resp['token']}")
+        resp = self.client.get(f"/raclette/join/{decoded_resp['token']}")
        # Test that we are redirected.
        self.assertEqual(302, resp.status_code)

--- a/ihatemoney/tests/budget_test.py
+++ b/ihatemoney/tests/budget_test.py
@ -104,7 +104,7 @@ class BudgetTestCase(IhatemoneyTestCase):
        resp = self.client.get("/authenticate")
        self.assertIn("You either provided a bad token", resp.data.decode("utf-8"))
        # A token MUST have a point between payload and signature
-        resp = self.client.get("/raclette/token.invalid", follow_redirects=True)
+        resp = self.client.get("/raclette/join/token.invalid", follow_redirects=True)
        self.assertIn("You either provided a bad token", resp.data.decode("utf-8"))

    def test_invite_code_invalidation(self):
--- a/ihatemoney/utils.py
+++ b/ihatemoney/utils.py
@ -16,7 +16,7 @@ from flask import current_app, escape, redirect, render_template
 from flask_babel import get_locale, lazy_gettext as _
 import jinja2
 from markupsafe import Markup
-from werkzeug.routing import BaseConverter, HTTPException, RoutingException
+from werkzeug.routing import HTTPException, RoutingException


 def slugify(value):
@ -416,10 +416,3 @@ def format_form_errors(form, prefix):
        errors = f"<ul><li>{error_list}</li></ul>"
        # I18N: Form error with a list of errors
        return Markup(_("{prefix}:<br />{errors}").format(prefix=prefix, errors=errors))
-
-
-# Taken from https://stackoverflow.com/a/5872904
-class RegexConverter(BaseConverter):
-    def __init__(self, url_map, *items):
-        super(RegexConverter, self).__init__(url_map)
-        self.regex = items[0]
--- a/ihatemoney/web.py
+++ b/ihatemoney/web.py
@ -199,7 +199,7 @@ def admin():
 # To avoid matching other endpoint with a malformed token,
 # ensure that it has a point in the middle, since it's the
 # default separator between payload and signature.
-@main.route("/<project_id>/<regex('.+\\..+'):token>", methods=["GET"])
+@main.route("/<project_id>/join/<string:token>", methods=["GET"])
 def invitation(token):
    project_id = g.project.id
    verified_project_id = Project.verify_token(