From 21c46c4bcd26b8f9c74502a609cc02abf8b308ee Mon Sep 17 00:00:00 2001 From: Tim Schilling Date: Thu, 4 Aug 2022 08:16:10 -0500 Subject: [PATCH 1/2] Remove signed_data_view decorator to support url type checking. The package django-urlconfchecks was erroring on the toolbar's URLs because signed_data_view was injecting an extra parameter for the views. The alternative to the decorator isn't terrible so let's use that instead. Eventually this can be shortened with the walrus operator when py37 support is dropped. --- debug_toolbar/decorators.py | 20 +------------------- debug_toolbar/forms.py | 1 - debug_toolbar/panels/sql/views.py | 30 +++++++++++++++++++++++------- docs/changes.rst | 5 +++++ 4 files changed, 29 insertions(+), 27 deletions(-) diff --git a/debug_toolbar/decorators.py b/debug_toolbar/decorators.py index 2abfb22f9..8114b05d7 100644 --- a/debug_toolbar/decorators.py +++ b/debug_toolbar/decorators.py @@ -1,6 +1,6 @@ import functools -from django.http import Http404, HttpResponseBadRequest +from django.http import Http404 def require_show_toolbar(view): @@ -15,21 +15,3 @@ def inner(request, *args, **kwargs): return view(request, *args, **kwargs) return inner - - -def signed_data_view(view): - """Decorator that handles unpacking a signed data form""" - - @functools.wraps(view) - def inner(request, *args, **kwargs): - from debug_toolbar.forms import SignedDataForm - - data = request.GET if request.method == "GET" else request.POST - signed_form = SignedDataForm(data) - if signed_form.is_valid(): - return view( - request, *args, verified_data=signed_form.verified_data(), **kwargs - ) - return HttpResponseBadRequest("Invalid signature") - - return inner diff --git a/debug_toolbar/forms.py b/debug_toolbar/forms.py index 3c7a45a07..1263c3aff 100644 --- a/debug_toolbar/forms.py +++ b/debug_toolbar/forms.py @@ -21,7 +21,6 @@ class PanelForm(forms.Form): panel_form = PanelForm(signed_form.verified_data) if panel_form.is_valid(): # Success - Or wrap the FBV with ``debug_toolbar.decorators.signed_data_view`` """ salt = "django_debug_toolbar" diff --git a/debug_toolbar/panels/sql/views.py b/debug_toolbar/panels/sql/views.py index 49ffee515..fabca7a57 100644 --- a/debug_toolbar/panels/sql/views.py +++ b/debug_toolbar/panels/sql/views.py @@ -2,15 +2,27 @@ from django.template.loader import render_to_string from django.views.decorators.csrf import csrf_exempt -from debug_toolbar.decorators import require_show_toolbar, signed_data_view +from debug_toolbar.decorators import require_show_toolbar +from debug_toolbar.forms import SignedDataForm from debug_toolbar.panels.sql.forms import SQLSelectForm +def get_signed_data(request): + """Unpack a signed data form, if invalid returns None""" + data = request.GET if request.method == "GET" else request.POST + signed_form = SignedDataForm(data) + if signed_form.is_valid(): + return signed_form.verified_data() + return None + + @csrf_exempt @require_show_toolbar -@signed_data_view -def sql_select(request, verified_data): +def sql_select(request): """Returns the output of the SQL SELECT statement""" + verified_data = get_signed_data(request) + if not verified_data: + return HttpResponseBadRequest("Invalid signature") form = SQLSelectForm(verified_data) if form.is_valid(): @@ -35,9 +47,11 @@ def sql_select(request, verified_data): @csrf_exempt @require_show_toolbar -@signed_data_view -def sql_explain(request, verified_data): +def sql_explain(request): """Returns the output of the SQL EXPLAIN on the given query""" + verified_data = get_signed_data(request) + if not verified_data: + return HttpResponseBadRequest("Invalid signature") form = SQLSelectForm(verified_data) if form.is_valid(): @@ -71,9 +85,11 @@ def sql_explain(request, verified_data): @csrf_exempt @require_show_toolbar -@signed_data_view -def sql_profile(request, verified_data): +def sql_profile(request): """Returns the output of running the SQL and getting the profiling statistics""" + verified_data = get_signed_data(request) + if not verified_data: + return HttpResponseBadRequest("Invalid signature") form = SQLSelectForm(verified_data) if form.is_valid(): diff --git a/docs/changes.rst b/docs/changes.rst index 25ef409fc..b2407c3d8 100644 --- a/docs/changes.rst +++ b/docs/changes.rst @@ -1,6 +1,11 @@ Change log ========== +Pending +------- +* Remove decorator ``signed_data_view`` as it was causing issues with + django-urlconfchecks. + 3.5.0 (2022-06-23) ------------------ From 21b4a9ea2ab626912cd8d7b15b6444ee49e01cec Mon Sep 17 00:00:00 2001 From: Tim Schilling Date: Thu, 4 Aug 2022 08:20:45 -0500 Subject: [PATCH 2/2] Use django-urlconfchecks in a URL to avoid adding it to docs' words list. --- docs/changes.rst | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docs/changes.rst b/docs/changes.rst index b2407c3d8..a7335e531 100644 --- a/docs/changes.rst +++ b/docs/changes.rst @@ -3,8 +3,9 @@ Change log Pending ------- + * Remove decorator ``signed_data_view`` as it was causing issues with - django-urlconfchecks. + `django-urlconfchecks `__. 3.5.0 (2022-06-23) ------------------