Don't pass the auth_key for volume transfer in the URL
Instead we pass it as data in the POST request. Closes-Bug: #2048493 Change-Id: I9085eb146b8f013909f6369b731c076aba3216ab
This commit is contained in:
Radomir Dopieralski
parent
3d9855eebb
commit
ccef197e03
|
|
@ -598,22 +598,21 @@ class CreateTransferForm(forms.SelfHandlingForm):
|
|||
return cleaned_name
|
||||
|
||||
def handle(self, request, data):
|
||||
volume_id = self.initial['volume_id']
|
||||
try:
|
||||
volume_id = self.initial['volume_id']
|
||||
transfer = cinder.transfer_create(request, volume_id, data['name'])
|
||||
|
||||
msg = _('Created volume transfer: "%s".') % data['name']
|
||||
messages.success(request, msg)
|
||||
kwargs = {
|
||||
'transfer_id': transfer.id,
|
||||
'auth_key': transfer.auth_key
|
||||
}
|
||||
request.method = 'GET'
|
||||
return self.next_view.as_view()(request, **kwargs)
|
||||
except Exception:
|
||||
redirect = reverse("horizon:project:volumes:index")
|
||||
exceptions.handle(request, _('Unable to create volume transfer.'),
|
||||
redirect=redirect)
|
||||
else:
|
||||
msg = _('Created volume transfer: "%s".') % data['name']
|
||||
messages.success(request, msg)
|
||||
request.method = 'GET'
|
||||
return self.next_view.as_view()(
|
||||
request, transfer_id=transfer.id,
|
||||
auth_key=transfer.auth_key,
|
||||
)
|
||||
|
||||
|
||||
class AcceptTransferForm(forms.SelfHandlingForm):
|
||||
|
|
@ -652,7 +651,7 @@ class ShowTransferForm(forms.SelfHandlingForm):
|
|||
required=False)
|
||||
|
||||
def handle(self, request, data):
|
||||
pass
|
||||
return True
|
||||
|
||||
|
||||
class UpdateForm(forms.SelfHandlingForm):
|
||||
|
|
|
|||
|
|
@ -11,10 +11,3 @@
|
|||
<p>{% trans "The Transfer ID and the Authorization Key are needed by the recipient in order to accept the transfer. Please capture both the Transfer ID and the Authorization Key and provide them to your transfer recipient." %}</p>
|
||||
<p class="alert alert-warning">{% trans "The Authorization Key will not be available after closing this page, so you must capture it now or download it, or else you will be unable to use the transfer." %}</p>
|
||||
{% endblock %}
|
||||
{% block modal-footer %}
|
||||
<a href="{{ download_url }}" class="btn btn-default">
|
||||
<span class="fa fa-download"></span>
|
||||
{{ download_label }}
|
||||
</a>
|
||||
<a onClick="location.href='{{cancel_url}}'" href="{{ cancel_url }}" class="btn btn-default">{{ cancel_label }}</a>
|
||||
{% endblock %}
|
||||
|
|
|
|||
|
|
@ -2056,11 +2056,11 @@ class VolumeViewTests(test.ResetImageAPIVersionMixin, test.TestCase):
|
|||
filename = "{}.txt".format(slugify(transfer.id))
|
||||
|
||||
url = reverse('horizon:project:volumes:'
|
||||
'download_transfer_creds',
|
||||
kwargs={'transfer_id': transfer.id,
|
||||
'auth_key': transfer.auth_key})
|
||||
'show_transfer',
|
||||
kwargs={'transfer_id': transfer.id})
|
||||
|
||||
res = self.client.get(url)
|
||||
form_data = {'id': transfer.id, 'auth_key': transfer.auth_key}
|
||||
res = self.client.post(url, form_data)
|
||||
|
||||
self.assertTrue(res.has_header('content-disposition'))
|
||||
self.assertTrue(res.has_header('content-type'))
|
||||
|
|
|
|||
|
|
@ -36,7 +36,7 @@ urlpatterns = [
|
|||
re_path(r'^accept_transfer/$',
|
||||
views.AcceptTransferView.as_view(),
|
||||
name='accept_transfer'),
|
||||
re_path(r'^(?P<transfer_id>[^/]+)/auth/(?P<auth_key>[^/]+)/$',
|
||||
re_path(r'^(?P<transfer_id>[^/]+)/show_transfer/$',
|
||||
views.ShowTransferView.as_view(),
|
||||
name='show_transfer'),
|
||||
re_path(r'^(?P<volume_id>[^/]+)/create_backup/$',
|
||||
|
|
@ -63,7 +63,4 @@ urlpatterns = [
|
|||
re_path(r'^(?P<volume_id>[^/]+)/encryption_detail/$',
|
||||
views.EncryptionDetailView.as_view(),
|
||||
name='encryption_detail'),
|
||||
re_path(r'^(?P<transfer_id>[^/]+)/download_creds/(?P<auth_key>[^/]+)$',
|
||||
views.DownloadTransferCreds.as_view(),
|
||||
name='download_transfer_creds'),
|
||||
]
|
||||
|
|
|
|||
|
|
@ -23,10 +23,8 @@ from django import shortcuts
|
|||
from django.template.defaultfilters import slugify
|
||||
from django.urls import reverse
|
||||
from django.urls import reverse_lazy
|
||||
from django.utils.decorators import method_decorator
|
||||
from django.utils import encoding
|
||||
from django.utils.translation import gettext_lazy as _
|
||||
from django.views.decorators.cache import never_cache
|
||||
from django.views import generic
|
||||
|
||||
from horizon import exceptions
|
||||
|
|
@ -445,37 +443,54 @@ class ShowTransferView(forms.ModalFormView):
|
|||
modal_header = _("Volume Transfer")
|
||||
submit_url = "horizon:project:volumes:show_transfer"
|
||||
cancel_label = _("Close")
|
||||
download_label = _("Download transfer credentials")
|
||||
submit_label = _("Download transfer credentials")
|
||||
page_title = _("Volume Transfer Details")
|
||||
|
||||
@memoized.memoized_method
|
||||
def get_object(self):
|
||||
transfer_id = self.kwargs['transfer_id']
|
||||
try:
|
||||
return self._object
|
||||
except AttributeError:
|
||||
transfer_id = self.kwargs['transfer_id']
|
||||
try:
|
||||
self._object = cinder.transfer_get(self.request, transfer_id)
|
||||
return self._object
|
||||
except Exception:
|
||||
exceptions.handle(self.request,
|
||||
_('Unable to retrieve volume transfer.'))
|
||||
return cinder.transfer_get(self.request, transfer_id)
|
||||
except Exception:
|
||||
exceptions.handle(self.request,
|
||||
_('Unable to retrieve volume transfer.'))
|
||||
|
||||
def get_context_data(self, **kwargs):
|
||||
transfer_id = self.kwargs['transfer_id']
|
||||
auth_key = self.kwargs.get('auth_key')
|
||||
context = super().get_context_data(**kwargs)
|
||||
context['transfer_id'] = self.kwargs['transfer_id']
|
||||
context['auth_key'] = self.kwargs['auth_key']
|
||||
context['download_label'] = self.download_label
|
||||
context['download_url'] = reverse(
|
||||
'horizon:project:volumes:download_transfer_creds',
|
||||
args=[context['transfer_id'], context['auth_key']]
|
||||
)
|
||||
context.update({
|
||||
'transfer_id': transfer_id,
|
||||
'auth_key': auth_key,
|
||||
'submit_url': reverse(self.submit_url, args=[transfer_id]),
|
||||
})
|
||||
return context
|
||||
|
||||
def get_initial(self):
|
||||
transfer = self.get_object()
|
||||
return {'id': transfer.id,
|
||||
'name': transfer.name,
|
||||
'auth_key': self.kwargs['auth_key']}
|
||||
auth_key = self.kwargs.get('auth_key')
|
||||
if transfer:
|
||||
return {'id': transfer.id,
|
||||
'name': transfer.name,
|
||||
'auth_key': auth_key}
|
||||
return {}
|
||||
|
||||
def form_valid(self, form):
|
||||
transfer_id = form.cleaned_data['id']
|
||||
auth_key = form.cleaned_data['auth_key']
|
||||
name = form.cleaned_data['name']
|
||||
context = {'transfer': {
|
||||
'name': name,
|
||||
'id': transfer_id,
|
||||
'auth_key': auth_key,
|
||||
}}
|
||||
response = shortcuts.render(
|
||||
self.request,
|
||||
'project/volumes/download_transfer_creds.html',
|
||||
context, content_type='application/text')
|
||||
response['Content-Disposition'] = (
|
||||
'attachment; filename=%s.txt' % slugify(transfer_id))
|
||||
return response
|
||||
|
||||
|
||||
class UpdateView(forms.ModalFormView):
|
||||
|
|
@ -667,24 +682,3 @@ class EncryptionDetailView(generic.TemplateView):
|
|||
|
||||
def get_redirect_url(self):
|
||||
return reverse('horizon:project:volumes:index')
|
||||
|
||||
|
||||
class DownloadTransferCreds(generic.View):
|
||||
@method_decorator(never_cache)
|
||||
def get(self, request, transfer_id, auth_key):
|
||||
try:
|
||||
transfer = cinder.transfer_get(self.request, transfer_id)
|
||||
except Exception:
|
||||
transfer = None
|
||||
context = {'transfer': {
|
||||
'name': getattr(transfer, 'name', ''),
|
||||
'id': transfer_id,
|
||||
'auth_key': auth_key,
|
||||
}}
|
||||
response = shortcuts.render(
|
||||
request,
|
||||
'project/volumes/download_transfer_creds.html',
|
||||
context, content_type='application/text')
|
||||
response['Content-Disposition'] = (
|
||||
'attachment; filename=%s.txt' % slugify(transfer_id))
|
||||
return response
|
||||
|
|
|
|||
Loading…
Reference in New Issue