diff --git a/web/flaskr/routes.py b/web/flaskr/routes.py index 551ca869..e6147fcd 100755 --- a/web/flaskr/routes.py +++ b/web/flaskr/routes.py @@ -244,7 +244,7 @@ def get_meetings_stats(): @auth.token_auth(provider_name="default") def api_meetings(): if not auth.current_token_identity: - return redirect("/") + return redirect(url_for("routes.index")) info = { "given_name": auth.current_token_identity["given_name"], @@ -368,13 +368,15 @@ def faq(): @bp.route("/") def index(): if has_user_session(): - return redirect("/welcome") + return redirect(url_for("routes.welcome")) else: - return redirect("/home") + return redirect(url_for("routes.home")) @bp.route("/home") def home(): + if has_user_session(): + return redirect(url_for("routes.welcome")) is_rie = any( [ IPAddress(request.remote_addr) in IPNetwork(network_ip) @@ -446,7 +448,7 @@ def quick_mail_meeting(): ), "error_login", ) - return redirect("/") + return redirect(url_for("routes.index")) if not is_accepted_email(email): flash( lazy_gettext( @@ -454,7 +456,7 @@ def quick_mail_meeting(): ), "error_login", ) - return redirect("/") + return redirect(url_for("routes.index")) user = User( id=email ) # this user can probably be removed if we created adock function @@ -463,7 +465,7 @@ def quick_mail_meeting(): flash( lazy_gettext("Vous avez reçu un courriel pour vous connecter"), "success_login" ) - return redirect("/") + return redirect(url_for("routes.index")) def _send_mail(meeting, to_email): @@ -518,7 +520,7 @@ def show_meeting(meeting_id): lazy_gettext("Vous ne pouvez pas voir cet élément (identifiant incorrect)"), "warning", ) - return redirect("/welcome") + return redirect(url_for("routes.welcome")) user = get_current_user() meeting = Meeting.query.get(meeting_id) if meeting.user_id == user.id: 
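Review bot: In `api_meetings`, a request without a token identity is still answered with a 302 to the HTML index, so an API client that follows redirects receives a 200 page instead of an authentication failure. Since the route sits behind `@auth.token_auth(provider_name="default")`, a 401 would be the clearer contract, for example `abort(401)` (assuming `abort` is imported from flask; the import block is not in this hunk). The function body continues past the end of the hunk.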
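Review bot: In `show_meeting`, `Meeting.query.get(meeting_id)` returns `None` when no row has that id, and the next line reads `meeting.user_id`, which would raise AttributeError and surface as a 500 instead of the "Vous ne pouvez pas consulter cet élément" redirect. Unless the check above the hunk already guarantees that the row exists, guard it with `if meeting is not None and meeting.user_id == user.id:`. The same pattern is visible in `show_meeting_recording` and `toggledownload` in later hunks. The start of the function is outside this hunk.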
@@ -527,7 +529,7 @@ def show_meeting(meeting_id): meeting=add_mailto_links(meeting.get_data_as_dict(user.fullname)), ) flash(lazy_gettext("Vous ne pouvez pas consulter cet élément"), "warning") - return redirect("/welcome") + return redirect(url_for("routes.welcome")) @bp.route("/meeting/recordings/", methods=["GET"]) @@ -539,7 +541,7 @@ def show_meeting_recording(meeting_id): lazy_gettext("Vous ne pouvez pas voir cet élément (identifiant incorrect)"), "warning", ) - return redirect("/welcome") + return redirect(url_for("routes.welcome")) user = get_current_user() meeting = Meeting.query.get(meeting_id) if meeting.user_id == user.id: @@ -551,7 +553,7 @@ def show_meeting_recording(meeting_id): form=form, ) flash(lazy_gettext("Vous ne pouvez pas consulter cet élément"), "warning") - return redirect("/welcome") + return redirect(url_for("routes.welcome")) @bp.route("/meeting//recordings/", methods=["POST"]) @@ -584,7 +586,7 @@ def update_recording_name(meeting_id, recording_id): def new_meeting(): user = get_current_user() if not user.can_create_meetings: - return redirect("/welcome") + return redirect(url_for("routes.welcome")) form = MeetingWithRecordForm() if current_app.config["RECORDING"] else MeetingForm() @@ -615,7 +617,7 @@ def edit_meeting(meeting_id): recording=current_app.config["RECORDING"], ) flash("Vous ne pouvez pas modifier cet élément", "warning") - return redirect("/welcome") + return redirect(url_for("routes.welcome")) @bp.route("/meeting/files/", methods=["GET"]) @@ -652,7 +654,7 @@ def edit_meeting_files(meeting_id): beta=current_app.config["BETA"], ) flash(lazy_gettext("Vous ne pouvez pas modifier cet élément"), "warning") - return redirect("/welcome") + return redirect(url_for("routes.welcome")) @bp.route("/meeting/files//", methods=["GET"]) 
@@ -703,8 +705,8 @@ def download_meeting_files(meeting_id, file_id): user.disable_nextcloud() print("webdav call encountered following exception : %s" % exception) flash("Le fichier ne semble pas accessible", "error") - return redirect("/welcome") - return redirect("/welcome") + return redirect(url_for("routes.welcome")) + return redirect(url_for("routes.welcome")) @bp.route("/meeting/files//toggledownload", methods=["POST"]) @@ -714,7 +716,7 @@ def toggledownload(meeting_id): data = request.get_json() if user is None: - return redirect("/welcome") + return redirect(url_for("routes.welcome")) meeting = Meeting.query.get(meeting_id) meeting_file = MeetingFiles.query.get(data["id"]) if meeting_file is not None and meeting.user_id == user.id: @@ -722,7 +724,7 @@ def toggledownload(meeting_id): meeting_file.save() return jsonify(status=200, id=data["id"]) - return redirect("/welcome") + return redirect(url_for("routes.welcome")) @bp.route("/meeting/files//default", methods=["POST"]) @@ -981,7 +983,7 @@ def add_dropzone_files(meeting_id): return upload(user, meeting_id, request.files["dropzoneFiles"]) else: flash("Traitement de requête impossible", "error") - return redirect("/welcome") + return redirect(url_for("routes.welcome")) # for dropzone chunk file by file validation @@ -1067,7 +1069,7 @@ def save_meeting(): is_new_meeting = not form.data["id"] if not user.can_create_meetings and is_new_meeting: - return redirect("/welcome") + return redirect(url_for("routes.welcome")) if not form.validate(): flash("Le formulaire contient des erreurs", "error") @@ -1107,7 +1109,7 @@ def save_meeting(): meeting=meeting, form=EndMeetingForm(data={"meeting_id": meeting_id}), ) - return redirect("/welcome") + return redirect(url_for("routes.welcome")) @bp.route("/meeting/end", methods=["POST"]) 
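Review bot: The WebDAV failure in `download_meeting_files` is reported with `print(...)` right after `user.disable_nextcloud()`, so the event bypasses the application logger and carries no level or timestamp for whoever later investigates why the integration was switched off. `current_app.logger.warning("webdav call encountered following exception : %s", exception)` keeps the message and routes it to the configured handlers. The function starts above the hunk, so the exception type being caught is not visible here.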
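Review bot: `toggledownload` authorizes only on the meeting named in the URL: `meeting_file` is loaded from the client-supplied `data["id"]`, and the visible condition checks `meeting.user_id == user.id` but nothing that ties the file to that meeting. As far as these two hunks show (one line of the body between them is not displayed), a file attached to another user's meeting would pass the check when submitted with one of the caller's own meeting ids. The condition should also require that the file belongs to `meeting`, through whichever column links a MeetingFiles row to its meeting, and should handle `meeting is None`. Separately, the failure path answers a JSON POST with a redirect to the welcome page; a 403 or 404 would be easier for the client to handle and for log review.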
@@ -1125,7 +1127,7 @@ def end_meeting(): f"{current_app.config['WORDING_MEETING'].capitalize()} « {meeting.name} » terminé(e)", "success", ) - return redirect("/welcome") + return redirect(url_for("routes.welcome")) @bp.route("/meeting/create/", methods=["GET"]) @@ -1136,7 +1138,7 @@ def create_meeting(meeting_id): if m.user_id == user.id: m.create_bbb() m.save() - return redirect("/welcome") + return redirect(url_for("routes.welcome")) # draft for insertDocument calls to BBB API @@ -1200,7 +1202,7 @@ def externalUpload(meeting_id): ): return render_template("meeting/externalUpload.html", meeting=meeting) else: - return redirect("/welcome") + return redirect(url_for("routes.welcome")) @bp.route("/ncdownload///", methods=["GET"]) @@ -1277,17 +1279,17 @@ def signin_mail_meeting(meeting_fake_id, expiration, h): ), "success", ) - return redirect("/") + return redirect(url_for("routes.index")) hash_matches = meeting.get_mail_signin_hash(meeting_fake_id, expiration) == h if not hash_matches: flash(lazy_gettext("Lien invalide"), "error") - return redirect("/") + return redirect(url_for("routes.index")) is_expired = datetime.fromtimestamp(float(expiration)) < datetime.now() if is_expired: flash(lazy_gettext("Lien expiré"), "error") - return redirect("/") + return redirect(url_for("routes.index")) return render_template( "meeting/joinmail.html", @@ -1321,7 +1323,7 @@ def signin_meeting(meeting_fake_id, user_id, h): ), "success", ) - return redirect("/") + return redirect(url_for("routes.index")) current_user_id = get_current_user().id if has_user_session() else None role = meeting.get_role(h, current_user_id) @@ -1331,7 +1333,7 @@ def signin_meeting(meeting_fake_id, user_id, h): url_for("routes.join_meeting_as_authenticated", meeting_id=meeting_fake_id) ) elif not role: - return redirect("/") + return redirect(url_for("routes.index")) return render_template( "meeting/join.html", meeting=meeting, 
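Review bot: `create_meeting` is registered with `methods=["GET"]` (the decorator is the last context line of the `end_meeting` hunk) yet calls `m.create_bbb()` and `m.save()`, so a state change can be triggered by a followed link, a prefetch or a cross-site request in a logged-in user's browser. Moving it to `methods=["POST"]`, behind the application's CSRF protection if it has one, would close that. `delete_meeting` has the same exposure through `methods=["POST", "GET"]`, visible in a later hunk. The lookup of `m` is above this hunk, so whether it can be `None` at `m.user_id` cannot be confirmed from here.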
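Review bot: In `signin_mail_meeting`, the sign-in hash from the URL is checked with `==`, which is not a constant-time comparison; for a value that acts as a bearer credential, `hmac.compare_digest` is the standard choice. The line would become `hash_matches = hmac.compare_digest(meeting.get_mail_signin_hash(meeting_fake_id, expiration), h)`, which needs `import hmac` at the top of the file and both arguments to be ASCII `str` or both bytes (the return type of `get_mail_signin_hash` is not visible here). `join_mail_meeting` repeats the same comparison in a later hunk and should change with it. Checking the hash before the expiry, as the code does, is the right order and should be kept.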
@@ -1373,12 +1375,12 @@ def authenticate_then_signin_meeting(meeting_fake_id, user_id, h): def waiting_meeting(meeting_fake_id, user_id, h, fullname="", fullname_suffix=""): meeting = get_meeting_from_meeting_id_and_user_id(meeting_fake_id, user_id) if meeting is None: - return redirect("/") + return redirect(url_for("routes.index")) current_user_id = get_current_user().id if has_user_session() else None role = meeting.get_role(h, current_user_id) if not role: - return redirect("/") + return redirect(url_for("routes.index")) return render_template( "meeting/join.html", meeting=meeting, @@ -1398,14 +1400,14 @@ def waiting_meeting(meeting_fake_id, user_id, h, fullname="", fullname_suffix="" def join_meeting(): form = JoinMeetingForm(request.form) if not form.validate(): - return redirect("/") + return redirect(url_for("routes.index")) fullname = form["fullname"].data meeting_fake_id = form["meeting_fake_id"].data user_id = form["user_id"].data h = form["h"].data meeting = get_meeting_from_meeting_id_and_user_id(meeting_fake_id, user_id) if meeting is None: - return redirect("/") + return redirect(url_for("routes.index")) current_user_id = get_current_user().id if has_user_session() else None role = meeting.get_role(h, current_user_id) @@ -1413,7 +1415,7 @@ def join_meeting(): if role == "authenticated": fullname = get_authenticated_attendee_fullname() elif not role: - return redirect("/") + return redirect(url_for("routes.index")) return redirect( meeting.get_join_url( role, fullname, fullname_suffix=fullname_suffix, create=True @@ -1426,7 +1428,7 @@ def join_mail_meeting(): form = JoinMailMeetingForm(request.form) if not form.validate(): flash("Lien invalide", "error") - return redirect("/") + return redirect(url_for("routes.index")) fullname = form["fullname"].data meeting_fake_id = form["meeting_fake_id"].data form["user_id"].data 
@@ -1444,17 +1446,17 @@ def join_mail_meeting(): ), "error", ) - return redirect("/") + return redirect(url_for("routes.index")) hash_matches = meeting.get_mail_signin_hash(meeting_fake_id, expiration) == h if not hash_matches: flash(lazy_gettext("Lien invalide"), "error") - return redirect("/") + return redirect(url_for("routes.index")) is_expired = datetime.fromtimestamp(expiration) < datetime.now() if is_expired: flash(lazy_gettext("Lien expiré"), "error") - return redirect("/") + return redirect(url_for("routes.index")) return redirect(meeting.get_join_url("moderator", fullname, create=True)) @@ -1497,7 +1499,7 @@ def join_meeting_as_role(meeting_id, role): return redirect(meeting.get_join_url(role, user.fullname, create=True)) else: flash(lazy_gettext("Accès non autorisé"), "error") - return redirect("/") + return redirect(url_for("routes.index")) @bp.route("/meeting/delete", methods=["POST", "GET"]) @@ -1530,7 +1532,7 @@ def delete_meeting(): flash(lazy_gettext("Élément supprimé"), "success") else: flash(lazy_gettext("Vous ne pouvez pas supprimer cet élément"), "error") - return redirect("/welcome") + return redirect(url_for("routes.welcome")) @bp.route("/meeting/video/delete", methods=["POST"]) @@ -1561,13 +1563,13 @@ def delete_video_meeting(): lazy_gettext("Vous ne pouvez pas supprimer cette enregistrement"), "error", ) - return redirect("/welcome") + return redirect(url_for("routes.welcome")) @bp.route("/logout") @auth.oidc_logout def logout(): - return redirect("/") + return redirect(url_for("routes.index")) @current_app.errorhandler(403) diff --git a/web/tests/test_default.py b/web/tests/test_default.py index 82413e44..e3085bdd 100644 --- a/web/tests/test_default.py +++ b/web/tests/test_default.py @@ -1,3 +1,6 @@ +from flask import url_for + + def test_root__anonymous_user(client_app): response = client_app.get("/", status=302) 
@@ -32,10 +35,10 @@ def test_home__authenticated_user(client_app, mocker, authenticated_user): mocker.patch("flaskr.routes.get_meetings_stats", return_value=STATS) response = client_app.get( - "/home", extra_environ={"REMOTE_ADDR": "127.0.0.1"}, status=200 + "/home", extra_environ={"REMOTE_ADDR": "127.0.0.1"}, status=302 ) - response.mustcontain("") + assert response.location == url_for("routes.welcome") def test_change_language(client_app):
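Review bot: In `test_home__authenticated_user`, the `mocker.patch("flaskr.routes.get_meetings_stats", ...)` call and the `REMOTE_ADDR` override are dead setup now that `home()` returns before computing `is_rie`, so the test can be reduced to the request and the location assertion. A docstring such as `"""An authenticated user visiting /home is redirected to the welcome page."""` would state the new contract. The assertion `response.location == url_for("routes.welcome")` also relies on an active application or request context inside the test, and on the `Location` header being emitted in the same relative or absolute form that `url_for` returns. Both presumably hold with the project's fixtures and Werkzeug version, but this is worth confirming, because a mismatch would fail for reasons unrelated to the redirect.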