feat: add join page

2023-12-15 02:52:49 +01:00 · 2023-12-15 02:52:49 +01:00 · bdd03fa015
parent 09f32b85ea
commit bdd03fa015
3 changed files with 46 additions and 2 deletions
--- a/pretalx_musicrate/templates/pretalx_musicrate/join.html
+++ b/pretalx_musicrate/templates/pretalx_musicrate/join.html
@ -0,0 +1,11 @@
+{% extends "cfp/event/base.html" %}
+{% load i18n %}
+
+{% block content %}
+    <h1>{% translate "Join collective rating" %}</h1>
+    <hr>
+    <form method="post">
+        {% csrf_token %}
+        <button class="btn btn-success btn-lg btn-block" type="submit"{% if not token_valid %} disabled{% endif %}>{% translate "Join" %}</button>
+    </form>
+{% endblock %}
--- a/pretalx_musicrate/urls.py
+++ b/pretalx_musicrate/urls.py
@ -1,6 +1,6 @@
 from django.urls import include, path

-from .views import MusicrateSettingsView, QRCodeView
+from .views import JoinView, MusicrateSettingsView, QRCodeView

 urlpatterns = [
    path(
@ -13,6 +13,7 @@ urlpatterns = [
        include(
            [
                path("", QRCodeView.as_view(), name="qrcode"),
+                path("<slug:token>/", JoinView.as_view(), name="join"),
            ]
        ),
    ),
--- a/pretalx_musicrate/views.py
+++ b/pretalx_musicrate/views.py
@ -1,13 +1,45 @@
+from hmac import compare_digest
+
 from django.contrib import messages
+from django.shortcuts import redirect
 from django.urls import reverse
 from django.utils.translation import gettext_lazy as _
 from django.views.generic import FormView, TemplateView
 from pretalx.common.mixins.views import EventPermissionRequired

-
 from .forms import MusicrateSettingsForm


+class JoinView(TemplateView):
+    template_name = "pretalx_musicrate/join.html"
+
+    def validate_token(self, token):
+        if compare_digest(
+            token.encode("utf-8"),
+            self.request.event.pretalx_musicrate_settings.join_token.encode("utf-8"),
+        ):
+            return True
+        messages.error(self.request, _("Invalid token"))
+        return False
+
+    def get_context_data(self, token_valid=False, **kwargs):
+        context = super().get_context_data(**kwargs)
+        context["token_valid"] = token_valid
+        return context
+
+    def get(self, request, *args, token, **kwargs):
+        token_valid = self.validate_token(token)
+        return super().get(request, *args, token_valid=token_valid, **kwargs)
+
+    def post(self, request, *args, token, **kwargs):
+        token_valid = self.validate_token(token)
+        if token_valid:
+            return redirect(request.path)
+        return self.render_to_response(
+            self.get_context_data(token_valid=token_valid, **kwargs)
+        )
+
+
 class MusicrateSettingsView(EventPermissionRequired, FormView):
    permission_required = "orga.change_settings"
    template_name = "pretalx_musicrate/settings.html"