Merge branch 'release/1.1.0' into 'master'

Backmerge of 1.1.1 See merge request !285

Merge branch 'release/1.1.0' into 'master'
f86ec239 · Luuk Scholten · 1f06e650 · ecc78651 · f86ec239 · f86ec239
Commit f86ec239 authored 8 years ago by Luuk Scholten
--- a/website/thaliapp/views.py
+++ b/website/thaliapp/views.py
@@ -6,6 +6,8 @@ from django.views.decorators.http import require_POST
 from django.contrib.auth import authenticate
 from django.contrib.staticfiles.finders import find as find_static_file
 from django.core.cache import cache
+from django.views.decorators.debug import (sensitive_variables,
+                                           sensitive_post_parameters)
 from thaliapp.models import Token
 from hashlib import sha256
 from base64 import b64encode
@@ -29,6 +31,8 @@ def get_photo(user):
    return photo


+@sensitive_post_parameters()
+@sensitive_variables('user', 'password', 'token')
 @csrf_exempt
 @require_POST
 def login(request):
@@ -52,9 +56,11 @@ def login(request):
                             })
    return JsonResponse({'status': 'error',
                         'msg': 'Authentication Failed'},
-                        status_code=403)
+                        status=403)


+@sensitive_post_parameters()
+@sensitive_variables('username', 'token')
 @csrf_exempt
 @require_POST
 def app(request):
@@ -69,7 +75,7 @@ def app(request):
    if user is None:
        return JsonResponse({'status': 'error',
                            'msg': 'Authentication Failed'},
-                            status_code=403)
+                            status=403)
    today = datetime.date.today()
    eightteen_years_ago = today.replace(year=today.year - 18)
    over18 = str(user.member.birthday <= eightteen_years_ago)
@@ -91,6 +97,8 @@ def app(request):
                         })


+@sensitive_post_parameters()
+@sensitive_variables('username', 'token')
 @csrf_exempt
 @require_POST
 def scan(request):
@@ -104,7 +112,7 @@ def scan(request):
    if user is None:
        return JsonResponse({'status': 'error',
                            'msg': 'Authentication Failed'},
-                            status_code=403)
+                            status=403)
    cache.set(''.join([qrtoken]), user, 300)
    return JsonResponse({'status': 'ok'})


--- a/website/thaliawebsite/views.py
+++ b/website/thaliawebsite/views.py
@@ -10,6 +10,8 @@ from django.shortcuts import render
 from django.utils import timezone
 from django.views.decorators.csrf import csrf_exempt
 from django.views.decorators.http import require_POST
+from django.views.decorators.debug import (sensitive_variables,
+                                           sensitive_post_parameters)

 from sendfile import sendfile

@@ -21,6 +23,8 @@ def styleguide(request):
    return render(request, 'singlepages/styleguide.html')


+@sensitive_variables()
+@sensitive_post_parameters()
 @require_POST
 @csrf_exempt
 def wiki_login(request):
@@ -54,7 +58,7 @@ def wiki_login(request):
                             'committees': memberships})
    return JsonResponse({'status': 'error',
                         'msg': 'Authentication Failed'},
-                        status_code=403)
+                        status=403)


 @login_required