Commit e68b4694893714a54ff48b1cd2c3f3516167f662

Authored by Ábner Silva de Oliveira
1 parent e946ea53

changed to not use a generic token to list proposals, events or any public endpo…

…ints. The Noosfero API has been updated, so private_token is now needed only to authenticate users when they submit data or request private content
Showing 2 changed files with 17 additions and 9 deletions
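--- a/index.html
+++ b/index.html
@@ -440,6 +440,7 @@
 </div>
 <div class="oauth-providers">
 <input id="user_oauth_providers" name="oauth_providers" type="hidden">
+ <input id="user_oauth_signup_token" name="oauth_signup_token" type="hidden">
 </div>
 <div id="serpro_captcha" class="captcha col-sm-12">
 </div>
@@ -565,4 +566,4 @@
 
 </body>
 
-</html>
\ No newline at end of file
+</html>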
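Review bot: The new hidden field `user_oauth_signup_token` keeps a credential-like value in the DOM, where any script running on the page can read it, and nothing in this section documents how it is filled or how long it stays valid. js/main.js in the same commit writes `user.oauth_signup_token` into it, and that file also inserts API-returned markup with `.html(...)` and `.replaceWith(data.article.body)`, so script carried in article content could presumably reach the field. The server should treat the token as single-use, short-lived and bound to the OAuth session that issued it; the page does not show whether it does. Once that is confirmed I would add a comment beside the input, `<!-- filled by fillSignupForm(); single-use OAuth signup token, validated server-side -->`.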
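--- a/js/main.js
+++ b/js/main.js
@@ -66,6 +66,7 @@ define([&#39;jquery&#39;, &#39;handlebars&#39;, &#39;fastclick&#39;, &#39;proposal_app&#39;, &#39;handlebars_helpers
 function fillSignupForm(signupForm, user) {
 signupForm.find('#signup-user_email').val(user.email);
 signupForm.find('#signup-user_name').val(user.login);
+ signupForm.find('#user_oauth_signup_token').val(user.oauth_signup_token);
 signupForm.find('#user_oauth_providers').val(user.oauth_providers);
 /*signupForm.find('div.password').hide();
 signupForm.find('div.password-confirmation').hide();
@@ -74,7 +75,7 @@ define([&#39;jquery&#39;, &#39;handlebars&#39;, &#39;fastclick&#39;, &#39;proposal_app&#39;, &#39;handlebars_helpers
 };
 
 return {
- private_token: '375bee7e17d0021af7160ce664874618',
+ /*private_token: '375bee7e17d0021af7160ce664874618',*/
 getProposalId: function() {
 var regexProposals = /\d.*\/propostas\/*.*/;
 var proposalId = 0;
@@ -89,7 +90,7 @@ define([&#39;jquery&#39;, &#39;handlebars&#39;, &#39;fastclick&#39;, &#39;proposal_app&#39;, &#39;handlebars_helpers
 return proposalId;
 },
 loadRandomProposal: function (topic_id, force) {
- var private_token = window.Main.private_token;
+ /*var private_token = window.Main.private_token;*/
 var $noProposals = $('.no-proposals');
 var $loading = $('.loading');
 var $randomProposal = $('.random-proposal');
@@ -107,7 +108,8 @@ define([&#39;jquery&#39;, &#39;handlebars&#39;, &#39;fastclick&#39;, &#39;proposal_app&#39;, &#39;handlebars_helpers
 if(childId !== 0 && !force){
 url += '/' + childId;
 }
- url += '?private_token=' + private_token + '&limit=1&order=random()&_='+new Date().getTime()+'&fields=id,name,slug,abstract,created_by&content_type=ProposalsDiscussionPlugin::Proposal';
+ //url += '?private_token=' + private_token + '&limit=1&order=random()&_='+new Date().getTime()+'&fields=id,name,slug,abstract,created_by&content_type=ProposalsDiscussionPlugin::Proposal';
+ url += '?limit=1&order=random()&_='+new Date().getTime()+'&fields=id,name,slug,abstract,created_by&content_type=ProposalsDiscussionPlugin::Proposal';
 
 $.getJSON(url).done(function( data ) {
 $loading.hide();
@@ -220,7 +222,8 @@ define([&#39;jquery&#39;, &#39;handlebars&#39;, &#39;fastclick&#39;, &#39;proposal_app&#39;, &#39;handlebars_helpers
 $resultsContainer.find('.results-content').hide();
 
 var per_page = 10;
- var url = host + '/api/v1/proposals_discussion_plugin/' + topic_id + '/ranking' + '?private_token=' + Main.private_token + '&per_page='+per_page+'&page='+page;
+ //var url = host + '/api/v1/proposals_discussion_plugin/' + topic_id + '/ranking' + '?private_token=' + Main.private_token + '&per_page='+per_page+'&page='+page;
+ var url = host + '/api/v1/proposals_discussion_plugin/' + topic_id + '/ranking' + '?per_page='+per_page+'&page='+page;
 $.getJSON(url).done(function( data, stats, xhr ) {
 data.pagination = {
 total: parseInt(xhr.getResponseHeader('Total')),
@@ -317,7 +320,8 @@ define([&#39;jquery&#39;, &#39;handlebars&#39;, &#39;fastclick&#39;, &#39;proposal_app&#39;, &#39;handlebars_helpers
 return s4() + s4() + '-' + s4() + '-' + s4() + '-' + s4() + '-' + s4() + s4() + s4();
 },
 display_article: function(article_id, backTo) {
- var url = host + '/api/v1/articles/' + article_id + '?private_token=' + Main.private_token;
+ //var url = host + '/api/v1/articles/' + article_id + '?private_token=' + Main.private_token;
+ var url = host + '/api/v1/articles/' + article_id;
 $.getJSON(url).done(function( data ) {
 $('#article-container .article-content').html(articleTemplate(data.article));
 $('#article-container').show();
@@ -442,7 +446,8 @@ define([&#39;jquery&#39;, &#39;handlebars&#39;, &#39;fastclick&#39;, &#39;proposal_app&#39;, &#39;handlebars_helpers
 $proposal.find('.body').show();
 $proposal.show();
 
- var url = host + '/api/v1/articles/' + proposal_id + '?private_token=' + Main.private_token + '&fields=id,body&content_type=ProposalsDiscussionPlugin::Topic';
+ //var url = host + '/api/v1/articles/' + proposal_id + '?private_token=' + Main.private_token + '&fields=id,body&content_type=ProposalsDiscussionPlugin::Topic';
+ var url = host + '/api/v1/articles/' + proposal_id + '?fields=id,body&content_type=ProposalsDiscussionPlugin::Topic';
 $.getJSON(url).done(function( data ) {
 $('#proposal-item-' + proposal_id + ' .body-content').replaceWith(data.article.body);
 })
@@ -771,7 +776,8 @@ define([&#39;jquery&#39;, &#39;handlebars&#39;, &#39;fastclick&#39;, &#39;proposal_app&#39;, &#39;handlebars_helpers
 return msg;
 },
 display_events: function(cat_id, active_category) {
- var url = host + '/api/v1/communities/' + dialoga_community + '/articles?categories_ids[]=' + cat_id + '&content_type=Event&private_token=' + '375bee7e17d0021af7160ce664874618';
+ //var url = host + '/api/v1/communities/' + dialoga_community + '/articles?categories_ids[]=' + cat_id + '&content_type=Event&private_token=' + '375bee7e17d0021af7160ce664874618';
+ var url = host + '/api/v1/communities/' + dialoga_community + '/articles?categories_ids[]=' + cat_id + '&content_type=Event';
 $.getJSON(url).done(function (data) {
 
 if(data.articles.length === 0){
@@ -791,7 +797,8 @@ define([&#39;jquery&#39;, &#39;handlebars&#39;, &#39;fastclick&#39;, &#39;proposal_app&#39;, &#39;handlebars_helpers
 var dd = new Date(dt);
 var time = dd.getHours() + ':' + (dd.getMinutes()<10?'0':'') + dd.getMinutes();
 var params = {event: article, date: date, time: time, category: article.categories[0].name, category_class: active_category};
- $.getJSON(host+'/api/v1/articles/'+article.id+'/followers?private_token=' + '375bee7e17d0021af7160ce664874618' + '&_='+new Date().getTime()).done(function (data) {
+ //$.getJSON(host+'/api/v1/articles/'+article.id+'/followers?private_token=' + '375bee7e17d0021af7160ce664874618' + '&_='+new Date().getTime()).done(function (data) {
+ $.getJSON(host+'/api/v1/articles/'+article.id+'/followers?_='+new Date().getTime()).done(function (data) {
 //FIXME do not depend on this request
 params.total_followers = data.total_followers;
 $('.calendar-container').html(calendarTemplate(params));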
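Review bot: Commenting out the hard-coded `private_token` does not remove it from the shipped script. The literal is still served to every visitor in the `/*private_token: ...*/` line of the returned object and in the commented `//var url = ...` and `//$.getJSON(...)` lines of `display_events`. These commented-out lines should be deleted rather than kept. Because the value has already been published in the client and remains in repository history, the token should also be revoked or rotated on the Noosfero side. The remaining `//... Main.private_token ...` comments in `loadRandomProposal`, the ranking request, `display_article` and the proposal-body request are dead code that would read `undefined` if re-enabled, so they can go too. The enclosing functions start and end outside these hunks.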