Merge branch 'main' into asgi-middleware

Author: HassanAbouelela

backend/discord.py

@@ -175,7 +175,7 @@ async def _verify_access_helper(
 
     form = models.Form(**form)
 
-    for role_id in getattr(form, attribute, []):
+    for role_id in getattr(form, attribute, None) or []:
         role = await request.state.db.roles.find_one({"id": role_id})
         if not role:
             continue

backend/routes/forms/discover.py

@@ -11,25 +11,27 @@
 from backend.validation import api
 
 __FEATURES = [
-    constants.FormFeatures.DISCOVERABLE.value,
     constants.FormFeatures.OPEN.value,
     constants.FormFeatures.REQUIRES_LOGIN.value
 ]
+if not constants.PRODUCTION:
+    __FEATURES.append(constants.FormFeatures.DISCOVERABLE.value)
 
 __QUESTION = Question(
     id="description",
-    name="Check your cookies after pressing the button.",
+    name="Click the button below to log into the forms application.",
     type="section",
-    data={"text": "You can find cookies under \"Application\" in dev tools."},
+    data={"text": ""},
     required=False
 )
 
-EMPTY_FORM = Form(
-    id="empty_auth",
+AUTH_FORM = Form(
+    id="login",
     features=__FEATURES,
     questions=[__QUESTION],
-    name="Auth form",
-    description="An empty form to help you get a token.",
+    name="Login",
+    description="Log into Python Discord Forms.",
+    submitted_text="This page can't be submitted."
 )
 
 
@@ -55,7 +57,7 @@ async def get(self, request: Request) -> JSONResponse:
         forms = [form.dict(admin=False) for form in forms]
 
         # Return an empty form in development environments to help with authentication.
-        if not forms and not constants.PRODUCTION:
-            forms.append(EMPTY_FORM.dict(admin=False))
+        if not constants.PRODUCTION:
+            forms.append(AUTH_FORM.dict(admin=False))
 
         return JSONResponse(forms)

backend/routes/forms/form.py

@@ -13,7 +13,7 @@
 from backend import constants, discord
 from backend.models import Form
 from backend.route import Route
-from backend.routes.forms.discover import EMPTY_FORM
+from backend.routes.forms.discover import AUTH_FORM
 from backend.routes.forms.unittesting import filter_unittests
 from backend.validation import ErrorMessage, OkayResponse, api
 
@@ -35,14 +35,15 @@ async def get(self, request: Request) -> JSONResponse:
         """Returns single form information by ID."""
         form_id = request.path_params["form_id"].lower()
 
+        if form_id == AUTH_FORM.id:
+            # Empty form for login purposes
+            return JSONResponse(AUTH_FORM.dict(admin=False))
+
         try:
             await discord.verify_edit_access(form_id, request)
             admin = True
         except discord.FormNotFoundError:
-            if not constants.PRODUCTION and form_id == EMPTY_FORM.id:
-                # Empty form to help with authentication in development.
-                return JSONResponse(EMPTY_FORM.dict(admin=False))
-            raise
+            return JSONResponse({"error": "not_found"}, status_code=404)
         except discord.UnauthorizedError:
             admin = False
 
@@ -53,7 +54,11 @@ async def get(self, request: Request) -> JSONResponse:
         if not admin:
             filters["features"] = {"$in": ["OPEN", "DISCOVERABLE"]}
 
-        form = Form(**await request.state.db.forms.find_one(filters))
+        form = await request.state.db.forms.find_one(filters)
+        if not form:
+            return JSONResponse({"error": "not_found"}, status_code=404)
+
+        form = Form(**form)
         if not admin:
             form = filter_unittests(form)
 

backend/routes/forms/submit.py

@@ -22,6 +22,7 @@
 from backend.models import Form, FormResponse
 from backend.route import Route
 from backend.routes.auth.authorize import set_response_token
+from backend.routes.forms.discover import AUTH_FORM
 from backend.routes.forms.unittesting import execute_unittest
 from backend.validation import ErrorMessage, api
 
@@ -106,9 +107,18 @@ async def submit(self, request: Request) -> JSONResponse:
         data = await request.json()
         data["timestamp"] = None
 
-        if form := await request.state.db.forms.find_one(
-            {"_id": request.path_params["form_id"], "features": "OPEN"}
-        ):
+        form_id = request.path_params["form_id"]
+
+        if form_id == AUTH_FORM.id:
+            response = FormResponse(
+                id="not-submitted",
+                form_id=AUTH_FORM.id,
+                response={question.id: None for question in AUTH_FORM.questions},
+                timestamp=datetime.datetime.now().isoformat()
+            ).dict()
+            return JSONResponse({"form": AUTH_FORM.dict(admin=False), "response": response})
+
+        if form := await request.state.db.forms.find_one({"_id": form_id, "features": "OPEN"}):
             form = Form(**form)
             response = data.copy()
             response["id"] = str(uuid.uuid4())

poetry.lock

@@ -13,7 +13,7 @@ uvicorn = {extras = ["standard"], version = "^0.17.6"}
 motor = "^2.4.0"
 python-dotenv = "^0.19.2"
 pyjwt = "^2.4.0"
-httpx = "^0.22.0"
+httpx = "^0.23.0"
 gunicorn = "^20.1.0"
 pydantic = "^1.8.2"
 spectree = "^0.7.6"