Don't include user mention for anonymous form submissions

We currently use WEBHOOK_ENABLED to determine whether user data should be stored to the db. However, when webhooking a form submission this config is ignored, and the user mention is always included if available. This means that if a user login in using another form, and then submits an anonymous form with the same session, their name will be included in the webhook.
author: Chris Lovering <[email protected]> 2022-01-21 15:59:44 +0000
committer: Chris Lovering <[email protected]> 2022-01-21 16:06:47 +0000
commit: 46bdc4d5fd4dbdb6731afbdb82368d0863feaf47 (patch)
tree: 2b5e275389cf51af012dc7c1d871ef68d848ad63 /backend/routes
parent: Merge pull request #126 from Akarys42/case-insensitive-ids (diff)
1 files changed, 5 insertions, 1 deletions
diff --git a/backend/routes/forms/submit.py b/backend/routes/forms/submit.py
index 8d9f4e5..95e30b0 100644
--- a/backend/routes/forms/submit.py
+++ b/backend/routes/forms/submit.py
@@ -234,11 +234,15 @@ class SubmitForm(Route):
 
             tasks = BackgroundTasks()
             if constants.FormFeatures.WEBHOOK_ENABLED.value in form.features:
+                if constants.FormFeatures.REQUIRES_LOGIN.value in form.features:
+                    request_user = request.user
+                else:
+                    request_user = None
                 tasks.add_task(
                     self.send_submission_webhook,
                     form=form,
                     response=response_obj,
-                    request_user=request.user
+                    request_user=request_user
                 )
 
             if constants.FormFeatures.ASSIGN_ROLE.value in form.features:
author	Chris Lovering <[email protected]>	2022-01-21 15:59:44 +0000
committer	Chris Lovering <[email protected]>	2022-01-21 16:06:47 +0000
commit	46bdc4d5fd4dbdb6731afbdb82368d0863feaf47 (patch)
tree	2b5e275389cf51af012dc7c1d871ef68d848ad63 /backend/routes
parent	Merge pull request #126 from Akarys42/case-insensitive-ids (diff)