Merge pull request #177 from python-discord/enable-login-in-prod

Enable Login Form In Production
author: Hassan Abouelela <[email protected]> 2022-06-17 23:34:37 +0400
committer: GitHub <[email protected]> 2022-06-17 23:34:37 +0400
commit: 221ccd68e5c33d54e702728270d236df1a73a134 (patch)
tree: 98a33fec9e2f5c6e85ff732b9d1aa62b6c28185d /backend
parent: Fix Error For Unauthorized Form Access (diff)
parent: Enable Login Form In Production (diff)
3 files changed, 29 insertions, 16 deletions
diff --git a/backend/routes/forms/discover.py b/backend/routes/forms/discover.py
index b993075..75ff495 100644
--- a/backend/routes/forms/discover.py
+++ b/backend/routes/forms/discover.py
@@ -11,25 +11,27 @@ from backend.route import Route
 from backend.validation import api
 
 __FEATURES = [
-    constants.FormFeatures.DISCOVERABLE.value,
     constants.FormFeatures.OPEN.value,
     constants.FormFeatures.REQUIRES_LOGIN.value
 ]
+if not constants.PRODUCTION:
+    __FEATURES.append(constants.FormFeatures.DISCOVERABLE.value)
 
 __QUESTION = Question(
     id="description",
-    name="Check your cookies after pressing the button.",
+    name="Click the button below to log into the forms application.",
     type="section",
-    data={"text": "You can find cookies under \"Application\" in dev tools."},
+    data={"text": ""},
     required=False
 )
 
-EMPTY_FORM = Form(
-    id="empty_auth",
+AUTH_FORM = Form(
+    id="login",
     features=__FEATURES,
     questions=[__QUESTION],
-    name="Auth form",
-    description="An empty form to help you get a token.",
+    name="Login",
+    description="Log into Python Discord Forms.",
+    submitted_text="This page can't be submitted."
 )
 
 
@@ -55,7 +57,7 @@ class DiscoverableFormsList(Route):
         forms = [form.dict(admin=False) for form in forms]
 
         # Return an empty form in development environments to help with authentication.
-        if not forms and not constants.PRODUCTION:
-            forms.append(EMPTY_FORM.dict(admin=False))
+        if not constants.PRODUCTION:
+            forms.append(AUTH_FORM.dict(admin=False))
 
         return JSONResponse(forms)
diff --git a/backend/routes/forms/form.py b/backend/routes/forms/form.py
index 369dc9f..8349d4e 100644
--- a/backend/routes/forms/form.py
+++ b/backend/routes/forms/form.py
@@ -13,7 +13,7 @@ from starlette.responses import JSONResponse
 from backend import constants, discord
 from backend.models import Form
 from backend.route import Route
-from backend.routes.forms.discover import EMPTY_FORM
+from backend.routes.forms.discover import AUTH_FORM
 from backend.routes.forms.unittesting import filter_unittests
 from backend.validation import ErrorMessage, OkayResponse, api
 
@@ -35,13 +35,14 @@ class SingleForm(Route):
         """Returns single form information by ID."""
         form_id = request.path_params["form_id"].lower()
 
+        if form_id == AUTH_FORM.id:
+            # Empty form for login purposes
+            return JSONResponse(AUTH_FORM.dict(admin=False))
+
         try:
             await discord.verify_edit_access(form_id, request)
             admin = True
         except discord.FormNotFoundError:
-            if not constants.PRODUCTION and form_id == EMPTY_FORM.id:
-                # Empty form to help with authentication in development.
-                return JSONResponse(EMPTY_FORM.dict(admin=False))
             return JSONResponse({"error": "not_found"}, status_code=404)
         except discord.UnauthorizedError:
             admin = False
diff --git a/backend/routes/forms/submit.py b/backend/routes/forms/submit.py
index baf403d..5c500b5 100644
--- a/backend/routes/forms/submit.py
+++ b/backend/routes/forms/submit.py
@@ -22,6 +22,7 @@ from backend.authentication.user import User
 from backend.models import Form, FormResponse
 from backend.route import Route
 from backend.routes.auth.authorize import set_response_token
+from backend.routes.forms.discover import AUTH_FORM
 from backend.routes.forms.unittesting import execute_unittest
 from backend.validation import ErrorMessage, api
 
@@ -106,9 +107,18 @@ class SubmitForm(Route):
         data = await request.json()
         data["timestamp"] = None
 
-        if form := await request.state.db.forms.find_one(
-            {"_id": request.path_params["form_id"], "features": "OPEN"}
-        ):
+        form_id = request.path_params["form_id"]
+
+        if form_id == AUTH_FORM.id:
+            response = FormResponse(
+                id="not-submitted",
+                form_id=AUTH_FORM.id,
+                response={question.id: None for question in AUTH_FORM.questions},
+                timestamp=datetime.datetime.now().isoformat()
+            ).dict()
+            return JSONResponse({"form": AUTH_FORM.dict(admin=False), "response": response})
+
+        if form := await request.state.db.forms.find_one({"_id": form_id, "features": "OPEN"}):
             form = Form(**form)
             response = data.copy()
             response["id"] = str(uuid.uuid4())
author	Hassan Abouelela <[email protected]>	2022-06-17 23:34:37 +0400
committer	GitHub <[email protected]>	2022-06-17 23:34:37 +0400
commit	221ccd68e5c33d54e702728270d236df1a73a134 (patch)
tree	98a33fec9e2f5c6e85ff732b9d1aa62b6c28185d /backend
parent	Fix Error For Unauthorized Form Access (diff)
parent	Enable Login Form In Production (diff)