diff options
| author |  Chris Lovering <[email protected]> | 2022-01-21 15:59:44 +0000 |
|---|---|---|
| committer | Chris Lovering <[email protected]> | 2022-01-21 16:06:47 +0000 |
| commit | 46bdc4d5fd4dbdb6731afbdb82368d0863feaf47 (patch) | |
| tree | 2b5e275389cf51af012dc7c1d871ef68d848ad63 | |
| parent | Merge pull request #126 from Akarys42/case-insensitive-ids (diff) | |
Don't include user mention for anonymous form submissions
We currently use WEBHOOK_ENABLED to determine whether user data should be stored to the db. However, when webhooking a form submission this config is ignored, and the user mention is always included if available.
This means that if a user login in using another form, and then submits an anonymous form with the same session, their name will be included in the webhook.
| -rw-r--r-- | backend/routes/forms/submit.py | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/backend/routes/forms/submit.py b/backend/routes/forms/submit.py index 8d9f4e5..95e30b0 100644 --- a/backend/routes/forms/submit.py +++ b/backend/routes/forms/submit.py @@ -234,11 +234,15 @@ class SubmitForm(Route): tasks = BackgroundTasks() if constants.FormFeatures.WEBHOOK_ENABLED.value in form.features: + if constants.FormFeatures.REQUIRES_LOGIN.value in form.features: + request_user = request.user + else: + request_user = None tasks.add_task( self.send_submission_webhook, form=form, response=response_obj, - request_user=request.user + request_user=request_user ) if constants.FormFeatures.ASSIGN_ROLE.value in form.features: |