From ccef197e038a2cd3aa36fd0961686163c8524306 Mon Sep 17 00:00:00 2001 From: Radomir Dopieralski Date: Mon, 25 Mar 2024 12:10:11 +0100 Subject: [PATCH] Don't pass the auth_key for volume transfer in the URL Instead we pass it as data in the POST request. Closes-Bug: #2048493 Change-Id: I9085eb146b8f013909f6369b731c076aba3216ab --- .../dashboards/project/volumes/forms.py | 21 +++-- .../templates/volumes/_show_transfer.html | 7 -- .../dashboards/project/volumes/tests.py | 8 +- .../dashboards/project/volumes/urls.py | 5 +- .../dashboards/project/volumes/views.py | 80 +++++++++---------- 5 files changed, 52 insertions(+), 69 deletions(-) diff --git a/openstack_dashboard/dashboards/project/volumes/forms.py b/openstack_dashboard/dashboards/project/volumes/forms.py index 3d89d365f5..72e85c1f19 100644 --- a/openstack_dashboard/dashboards/project/volumes/forms.py +++ b/openstack_dashboard/dashboards/project/volumes/forms.py @@ -598,22 +598,21 @@ class CreateTransferForm(forms.SelfHandlingForm): return cleaned_name def handle(self, request, data): + volume_id = self.initial['volume_id'] try: - volume_id = self.initial['volume_id'] transfer = cinder.transfer_create(request, volume_id, data['name']) - - msg = _('Created volume transfer: "%s".') % data['name'] - messages.success(request, msg) - kwargs = { - 'transfer_id': transfer.id, - 'auth_key': transfer.auth_key - } - request.method = 'GET' - return self.next_view.as_view()(request, **kwargs) except Exception: redirect = reverse("horizon:project:volumes:index") exceptions.handle(request, _('Unable to create volume transfer.'), redirect=redirect) + else: + msg = _('Created volume transfer: "%s".') % data['name'] + messages.success(request, msg) + request.method = 'GET' + return self.next_view.as_view()( + request, transfer_id=transfer.id, + auth_key=transfer.auth_key, + ) class AcceptTransferForm(forms.SelfHandlingForm): @@ -652,7 +651,7 @@ class ShowTransferForm(forms.SelfHandlingForm): required=False) def handle(self, request, data): - pass + return True class UpdateForm(forms.SelfHandlingForm): diff --git a/openstack_dashboard/dashboards/project/volumes/templates/volumes/_show_transfer.html b/openstack_dashboard/dashboards/project/volumes/templates/volumes/_show_transfer.html index 2a9a687177..b061abbc0f 100644 --- a/openstack_dashboard/dashboards/project/volumes/templates/volumes/_show_transfer.html +++ b/openstack_dashboard/dashboards/project/volumes/templates/volumes/_show_transfer.html @@ -11,10 +11,3 @@

{% trans "The Transfer ID and the Authorization Key are needed by the recipient in order to accept the transfer. Please capture both the Transfer ID and the Authorization Key and provide them to your transfer recipient." %}

{% trans "The Authorization Key will not be available after closing this page, so you must capture it now or download it, or else you will be unable to use the transfer." %}

{% endblock %} -{% block modal-footer %} - - - {{ download_label }} - - {{ cancel_label }} -{% endblock %} diff --git a/openstack_dashboard/dashboards/project/volumes/tests.py b/openstack_dashboard/dashboards/project/volumes/tests.py index 27ef73b5fb..97afe7bab3 100644 --- a/openstack_dashboard/dashboards/project/volumes/tests.py +++ b/openstack_dashboard/dashboards/project/volumes/tests.py @@ -2056,11 +2056,11 @@ class VolumeViewTests(test.ResetImageAPIVersionMixin, test.TestCase): filename = "{}.txt".format(slugify(transfer.id)) url = reverse('horizon:project:volumes:' - 'download_transfer_creds', - kwargs={'transfer_id': transfer.id, - 'auth_key': transfer.auth_key}) + 'show_transfer', + kwargs={'transfer_id': transfer.id}) - res = self.client.get(url) + form_data = {'id': transfer.id, 'auth_key': transfer.auth_key} + res = self.client.post(url, form_data) self.assertTrue(res.has_header('content-disposition')) self.assertTrue(res.has_header('content-type')) diff --git a/openstack_dashboard/dashboards/project/volumes/urls.py b/openstack_dashboard/dashboards/project/volumes/urls.py index 47555bf498..6baf04207a 100644 --- a/openstack_dashboard/dashboards/project/volumes/urls.py +++ b/openstack_dashboard/dashboards/project/volumes/urls.py @@ -36,7 +36,7 @@ urlpatterns = [ re_path(r'^accept_transfer/$', views.AcceptTransferView.as_view(), name='accept_transfer'), - re_path(r'^(?P[^/]+)/auth/(?P[^/]+)/$', + re_path(r'^(?P[^/]+)/show_transfer/$', views.ShowTransferView.as_view(), name='show_transfer'), re_path(r'^(?P[^/]+)/create_backup/$', @@ -63,7 +63,4 @@ urlpatterns = [ re_path(r'^(?P[^/]+)/encryption_detail/$', views.EncryptionDetailView.as_view(), name='encryption_detail'), - re_path(r'^(?P[^/]+)/download_creds/(?P[^/]+)$', - views.DownloadTransferCreds.as_view(), - name='download_transfer_creds'), ] diff --git a/openstack_dashboard/dashboards/project/volumes/views.py b/openstack_dashboard/dashboards/project/volumes/views.py index d1a2027d20..60c46fe031 100644 --- a/openstack_dashboard/dashboards/project/volumes/views.py +++ b/openstack_dashboard/dashboards/project/volumes/views.py @@ -23,10 +23,8 @@ from django import shortcuts from django.template.defaultfilters import slugify from django.urls import reverse from django.urls import reverse_lazy -from django.utils.decorators import method_decorator from django.utils import encoding from django.utils.translation import gettext_lazy as _ -from django.views.decorators.cache import never_cache from django.views import generic from horizon import exceptions @@ -445,37 +443,54 @@ class ShowTransferView(forms.ModalFormView): modal_header = _("Volume Transfer") submit_url = "horizon:project:volumes:show_transfer" cancel_label = _("Close") - download_label = _("Download transfer credentials") + submit_label = _("Download transfer credentials") page_title = _("Volume Transfer Details") + @memoized.memoized_method def get_object(self): + transfer_id = self.kwargs['transfer_id'] try: - return self._object - except AttributeError: - transfer_id = self.kwargs['transfer_id'] - try: - self._object = cinder.transfer_get(self.request, transfer_id) - return self._object - except Exception: - exceptions.handle(self.request, - _('Unable to retrieve volume transfer.')) + return cinder.transfer_get(self.request, transfer_id) + except Exception: + exceptions.handle(self.request, + _('Unable to retrieve volume transfer.')) def get_context_data(self, **kwargs): + transfer_id = self.kwargs['transfer_id'] + auth_key = self.kwargs.get('auth_key') context = super().get_context_data(**kwargs) - context['transfer_id'] = self.kwargs['transfer_id'] - context['auth_key'] = self.kwargs['auth_key'] - context['download_label'] = self.download_label - context['download_url'] = reverse( - 'horizon:project:volumes:download_transfer_creds', - args=[context['transfer_id'], context['auth_key']] - ) + context.update({ + 'transfer_id': transfer_id, + 'auth_key': auth_key, + 'submit_url': reverse(self.submit_url, args=[transfer_id]), + }) return context def get_initial(self): transfer = self.get_object() - return {'id': transfer.id, - 'name': transfer.name, - 'auth_key': self.kwargs['auth_key']} + auth_key = self.kwargs.get('auth_key') + if transfer: + return {'id': transfer.id, + 'name': transfer.name, + 'auth_key': auth_key} + return {} + + def form_valid(self, form): + transfer_id = form.cleaned_data['id'] + auth_key = form.cleaned_data['auth_key'] + name = form.cleaned_data['name'] + context = {'transfer': { + 'name': name, + 'id': transfer_id, + 'auth_key': auth_key, + }} + response = shortcuts.render( + self.request, + 'project/volumes/download_transfer_creds.html', + context, content_type='application/text') + response['Content-Disposition'] = ( + 'attachment; filename=%s.txt' % slugify(transfer_id)) + return response class UpdateView(forms.ModalFormView): @@ -667,24 +682,3 @@ class EncryptionDetailView(generic.TemplateView): def get_redirect_url(self): return reverse('horizon:project:volumes:index') - - -class DownloadTransferCreds(generic.View): - @method_decorator(never_cache) - def get(self, request, transfer_id, auth_key): - try: - transfer = cinder.transfer_get(self.request, transfer_id) - except Exception: - transfer = None - context = {'transfer': { - 'name': getattr(transfer, 'name', ''), - 'id': transfer_id, - 'auth_key': auth_key, - }} - response = shortcuts.render( - request, - 'project/volumes/download_transfer_creds.html', - context, content_type='application/text') - response['Content-Disposition'] = ( - 'attachment; filename=%s.txt' % slugify(transfer_id)) - return response