diff options
| author |  Matteo Bertucci <[email protected]> | 2021-12-26 11:55:21 +0100 |
|---|---|---|
| committer | Matteo Bertucci <[email protected]> | 2021-12-26 11:55:21 +0100 |
| commit | f7f3e19e5ee0c2d8ec44399369648d7c22a0ac96 (patch) | |
| tree | 9c99de084ef98baea5c57733fedc2d494fad43fe /backend | |
| parent | Merge pull request #120 from python-discord/jb3/store-correct-ip (diff) | |
Model: makes Form.id case insensitive
Note that it will make any existing form with an upper case letter impossible to access until its ID is changed, which shouldn't be the case in production according to @HassanAbouelela
Diffstat (limited to 'backend')
| -rw-r--r-- | backend/models/form.py | 4 | ||||
| -rw-r--r-- | backend/routes/forms/form.py | 15 |
2 files changed, 8 insertions, 11 deletions
diff --git a/backend/models/form.py b/backend/models/form.py index 30ae0e7..f19ed85 100644 --- a/backend/models/form.py +++ b/backend/models/form.py @@ -1,7 +1,7 @@ import typing as t import httpx -from pydantic import BaseModel, Field, root_validator, validator +from pydantic import constr, BaseModel, Field, root_validator, validator from pydantic.error_wrappers import ErrorWrapper, ValidationError from backend.constants import FormFeatures, WebHook @@ -35,7 +35,7 @@ class _WebHook(BaseModel): class Form(BaseModel): """Schema model for form.""" - id: str = Field(alias="_id") + id: constr(to_lower=True) = Field(alias="_id") features: list[str] questions: list[Question] name: str diff --git a/backend/routes/forms/form.py b/backend/routes/forms/form.py index 3ea3acb..0f96b85 100644 --- a/backend/routes/forms/form.py +++ b/backend/routes/forms/form.py @@ -32,7 +32,7 @@ class SingleForm(Route): async def get(self, request: Request) -> JSONResponse: """Returns single form information by ID.""" admin = request.user.admin if request.user.is_authenticated else False - form_id = request.path_params["form_id"] + form_id = request.path_params["form_id"].lower() filters = { "_id": form_id @@ -70,7 +70,7 @@ class SingleForm(Route): except json.decoder.JSONDecodeError: return JSONResponse("Expected a JSON body.", 400) - form_id = {"_id": request.path_params["form_id"]} + form_id = {"_id": request.path_params["form_id"].lower()} if raw_form := await request.state.db.forms.find_one(form_id): if "_id" in data or "id" in data: if (data.get("id") or data.get("_id")) != form_id["_id"]: @@ -90,10 +90,7 @@ class SingleForm(Route): except ValidationError as e: return JSONResponse(e.errors(), status_code=422) - await request.state.db.forms.replace_one( - {"_id": request.path_params["form_id"]}, - form.dict() - ) + await request.state.db.forms.replace_one(form_id, form.dict()) return JSONResponse(form.dict()) else: @@ -107,15 +104,15 @@ class SingleForm(Route): async def delete(self, request: Request) -> JSONResponse: """Deletes form by ID.""" if not await request.state.db.forms.find_one( - {"_id": request.path_params["form_id"]} + {"_id": request.path_params["form_id"].lower()} ): return JSONResponse({"error": "not_found"}, status_code=404) await request.state.db.forms.delete_one( - {"_id": request.path_params["form_id"]} + {"_id": request.path_params["form_id"].lower()} ) await request.state.db.responses.delete_many( - {"form_id": request.path_params["form_id"]} + {"form_id": request.path_params["form_id"].lower()} ) return JSONResponse({"status": "ok"}) |