← Back to team overview

widelands-dev team mailing list archive

  1. widelands-dev team
  2. Mailing list archive
  3. Message #14880

[Merge] lp:~widelands-dev/widelands-website/cookies into lp:widelands-website

  Thread PreviousDate PreviousThread Next 
kaputtnik has proposed merging lp:~widelands-dev/widelands-website/cookies into lp:widelands-website.

Commit message:
Use a session based csrf cookie; Fixed showing deleted username when quoting a post

Requested reviews:
  Widelands Developers (widelands-dev)
Related bugs:
  Bug #1780536 in Widelands Website: "Add a GDPR (german: DSGVO) to the website"
  https://bugs.launchpad.net/widelands-website/+bug/1780536

For more details, see:
https://code.launchpad.net/~widelands-dev/widelands-website/cookies/+merge/355939

Follow up from the deleted_user branch: When quoting a forum post the real username, instead of DELETED_USERNAME, was shown. This branch fixes this.

Use a session based csrf cookie, which means it will be deleted after closing the browser. I have tested several other cookie settings but i think this is the best for our needs.

-- 
Your team Widelands Developers is requested to review the proposed merge of lp:~widelands-dev/widelands-website/cookies into lp:widelands-website.

=== modified file 'local_settings.py.sample'
--- local_settings.py.sample	2018-05-12 14:01:09 +0000
+++ local_settings.py.sample	2018-10-01 17:22:13 +0000
@@ -13,6 +13,7 @@
 STATIC_MEDIA_PATH = os.path.join(bd, 'media')
 MEDIA_ROOT = os.path.join(bd, 'media/')
 
+
 # If you are using the developer version of widelands from Launchpad
 # set WIDELANDS_SVN_DIR to the correct path. See also:
 # https://wl.widelands.org/wiki/BzrPrimer/

=== modified file 'pybb/util.py'
--- pybb/util.py	2018-04-03 05:18:03 +0000
+++ pybb/util.py	2018-10-01 17:22:13 +0000
@@ -170,7 +170,10 @@
 
 def quote_text(text, user, markup):
     """Quote message using selected markup."""
-    text = '*' + user.username + ' wrote:*\n\n' + text
+
+    quoted_username = settings.DELETED_USERNAME if user.wlprofile.deleted else user.username
+
+    text = '*' + quoted_username + ' wrote:*\n\n' + text
 
     if markup == 'markdown':
         # Inserting a space after ">" will not change the generated HTML,

=== modified file 'settings.py'
--- settings.py	2018-09-19 18:08:39 +0000
+++ settings.py	2018-10-01 17:22:13 +0000
@@ -330,6 +330,13 @@
 DELETED_MAIL_ADDRESS = ''
 DELETED_USERNAME = 'Ex-Member'
 
+###################
+# Cookie settings #
+###################
+
+# See: https://docs.djangoproject.com/en/dev/ref/settings/#csrf-cookie-age
+CSRF_COOKIE_AGE = None
+
 try:
     from local_settings import *
 except ImportError:

Follow ups

  Thread PreviousDate PreviousThread Next