From 6669b842bef3f3fdc8344bf1c9a1f7edadd2a222 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bogdan-Cristian=20T=C4=83t=C4=83roiu?= Date: Thu, 7 Mar 2013 17:07:06 +0000 Subject: [PATCH] Ensure we send the CSRF token cookie on login. Summary: Before diff, a new user would be unable to perform any POST requests. Added a login_success view to which we redirect right after login. This approach also has the benefit that we can now redirect to the page the user was on before logging in. Test Plan: Cleared cookies, logged in, logging out now works Reviewers: bmatican Reviewed By: bmatican Differential Revision: http://phab.code4fun.de/D10 --- .arcconfig | 1 - CodeStreak/contests/utils/tasks.py | 4 ++-- CodeStreak/contests/views.py | 7 +++++++ CodeStreak/static/base/css/facebook.css | 12 ++++++------ CodeStreak/urls.py | 3 +++ CodeStreak/xhpy/base.py | 5 ++++- README.md | 2 +- TODO | 3 --- 8 files changed, 23 insertions(+), 14 deletions(-) diff --git a/.arcconfig b/.arcconfig index 82f8f2a..c713e52 100644 --- a/.arcconfig +++ b/.arcconfig @@ -6,7 +6,6 @@ ], "lint.engine": "DefaultLintEngine", - "lint.jshint.prefix": "/usr/local/bin", "lint.jshint.bin": "jshint", "lint.jshint.config": ".jshintconfig", diff --git a/CodeStreak/contests/utils/tasks.py b/CodeStreak/contests/utils/tasks.py index 7821480..6ac596e 100644 --- a/CodeStreak/contests/utils/tasks.py +++ b/CodeStreak/contests/utils/tasks.py @@ -50,7 +50,7 @@ def from_raw(cls, contest_id, user_id): instance.visible_tasks = instance.get_visible_tasks() return instance - + def get_visible_tasks(self): if self.visible_tasks != []: return self.visible_tasks @@ -58,7 +58,7 @@ def get_visible_tasks(self): ids = self.get_visible_task_ids() return [self.task_by_id[id] for id in ids] - + def get_visible_task_ids(self): if self.visible_task_ids != []: return self.visible_task_ids diff --git a/CodeStreak/contests/views.py b/CodeStreak/contests/views.py index 55e2f1d..4d147f2 100644 --- a/CodeStreak/contests/views.py 
+++ b/CodeStreak/contests/views.py @@ -5,6 +5,7 @@ from django.http import HttpResponse, HttpResponseRedirect, Http404 from django.shortcuts import render_to_response from django.utils.timezone import now +from django.views.decorators.csrf import ensure_csrf_cookie import json @@ -355,6 +356,12 @@ def login_view(request): messages.error(request, 'You need to login first.') return HttpResponseRedirect(url_reverse('contest-list')) +@ensure_csrf_cookie +def login_success_view(request): + url = url_reverse('contest-list') + if 'HTTP_REFERER' in request.META: + url = request.META['HTTP_REFERER'] + return HttpResponseRedirect(url) @require_POST def logout_view(request): diff --git a/CodeStreak/static/base/css/facebook.css b/CodeStreak/static/base/css/facebook.css index 1f34aa1..e139ef3 100644 --- a/CodeStreak/static/base/css/facebook.css +++ b/CodeStreak/static/base/css/facebook.css @@ -13,14 +13,14 @@ #facebook_lightbox { position : relative; - width : 300px; - background-color : #fff; - margin : 200px auto; - text-align : center; - padding : 30px 20px; + width : 300px; + background-color : #fff; + margin : 200px auto; + text-align : center; + padding : 30px 20px; -moz-box-shadow : 0px 0px 8px #000; -webkit-box-shadow : 0px 0px 8px #000; - box-shadow : 0px 0px 8px #000; + box-shadow : 0px 0px 8px #000; moz-border-radius : 2px; border-radius : 2px; z-index : 1001; diff --git a/CodeStreak/urls.py b/CodeStreak/urls.py index 30d2906..7464a0d 100644 --- a/CodeStreak/urls.py +++ b/CodeStreak/urls.py @@ -14,6 +14,9 @@ url(r'^facebook/', include('django_facebook.urls')), url(r'^accounts/login/$', 'CodeStreak.contests.views.login_view', name='auth_login'), + url(r'^accounts/login/success/$', + 'CodeStreak.contests.views.login_success_view', + name='auth_login_success'), url(r'^accounts/logout/$', 'CodeStreak.contests.views.logout_view', name='auth_logout'), diff --git a/CodeStreak/xhpy/base.py b/CodeStreak/xhpy/base.py index b417945..aca409e 100644 --- a/CodeStreak/xhpy/base.py 
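Review bot: `login_success_view` redirects to `request.META['HTTP_REFERER']` without validating it, so whichever page linked to `/accounts/login/success/` chooses the destination. This is an unvalidated redirect. Use the Referer only when it points back at this site, for example `if referer and is_safe_url(referer, host=request.get_host()): url = referer` with `is_safe_url` from `django.utils.http` (if the project's Django version ships it), and otherwise keep the `contest-list` default. A Referer equal to the login or login-success URL should also fall back to the default, since it would likely redirect the browser back to this view. The hunk shows no authentication check on the view, so the redirect appears reachable without logging in; consider falling back to `contest-list` when `request.user` is not authenticated.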
+++ b/CodeStreak/xhpy/base.py @@ -1,6 +1,7 @@ # Copyright 2012 Bogdan-Cristian Tataroiu from django.core.context_processors import csrf +from django.core.urlresolvers import reverse as url_reverse from django.conf import settings from django.contrib import messages from django_facebook.models import FacebookProfile @@ -145,7 +146,9 @@ def render(self):
  • - +