Fix four routes with auth_desired misimplemented.
PR #374 removed `@auth_required` from a number of routes and changed those which used their `v` parameters to `v=None` and removed the `v` parameter from those which didn't internally use it.1841134b47PR #392 re-added `@auth_desired` to those routes to ensure the templates rendered with awareness of the current logged-in user (matters for search, header bar, etc).9f042c1aebHowever, 500 errors occurred on /random_post, /random_user, /id/<uid>, and /u/<username>. Those were the four which had their `v` parameter removed entirely. This has been re-added, which fixes the bug. The way to understand auth_required vs auth_desired is that they are nearly identical, with the sole difference than auth_required checks if v is None and aborts with 401 if so. This means that auth_desired routes must handle the v=None case. They are the same in that they always try to give a `v` kwarg to the decorated function, which was the root cause of those four routes erroring. Recommended style: the vast majority of routes which return a rendered template should be auth_desired, because the top-level templates often draw extensively from `v` state even when the route handler does not. When a route is either auth_desired or auth_required, it should have a `v` parameter, which we typically give as the first positional parameter.
This commit is contained in:
TLSM
Ben Rog-Wilhelm
parent
9519e7a744
commit
9e2ceb28b0
4 changed files with 20 additions and 20 deletions
|
|
@ -753,25 +753,25 @@ def api_is_available(name):
|
|||
|
||||
@app.get("/id/<id>")
|
||||
@auth_desired
|
||||
def user_id(id):
|
||||
def user_id(v, id):
|
||||
user = get_account(id)
|
||||
return redirect(user.url)
|
||||
|
||||
@app.get("/u/<username>")
|
||||
@auth_desired
|
||||
def redditor_moment_redirect(username):
|
||||
def redditor_moment_redirect(v, username):
|
||||
return redirect(f"/@{username}")
|
||||
|
||||
@app.get("/@<username>/followers")
|
||||
@auth_desired
|
||||
def followers(username, v=None):
|
||||
def followers(v, username):
|
||||
u = get_user(username, v=v)
|
||||
users = g.db.query(User).join(Follow, Follow.target_id == u.id).filter(Follow.user_id == User.id).order_by(Follow.created_utc).all()
|
||||
return render_template("followers.html", v=v, u=u, users=users)
|
||||
|
||||
@app.get("/@<username>/following")
|
||||
@auth_desired
|
||||
def following(username, v=None):
|
||||
def following(v, username):
|
||||
u = get_user(username, v=v)
|
||||
users = g.db.query(User).join(Follow, Follow.user_id == u.id).filter(Follow.target_id == User.id).order_by(Follow.created_utc).all()
|
||||
return render_template("following.html", v=v, u=u, users=users)
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue