kaputtnik has proposed merging lp:~widelands-dev/widelands-website/cookies into lp:widelands-website.
Commit message: Use a session based csrf cookie; Fixed showing deleted username when quoting a post Requested reviews: Widelands Developers (widelands-dev) Related bugs: Bug #1780536 in Widelands Website: "Add a GDPR (german: DSGVO) to the website" https://bugs.launchpad.net/widelands-website/+bug/1780536 For more details, see: https://code.launchpad.net/~widelands-dev/widelands-website/cookies/+merge/355939 Follow up from the deleted_user branch: When quoting a forum post the real username, instead of DELETED_USERNAME, was shown. This branch fixes this. Use a session based csrf cookie, which means it will be deleted after closing the browser. I have tested several other cookie settings but i think this is the best for our needs. -- Your team Widelands Developers is requested to review the proposed merge of lp:~widelands-dev/widelands-website/cookies into lp:widelands-website.
=== modified file 'local_settings.py.sample' --- local_settings.py.sample 2018-05-12 14:01:09 +0000 +++ local_settings.py.sample 2018-10-01 17:22:13 +0000 @@ -13,6 +13,7 @@ STATIC_MEDIA_PATH = os.path.join(bd, 'media') MEDIA_ROOT = os.path.join(bd, 'media/') + # If you are using the developer version of widelands from Launchpad # set WIDELANDS_SVN_DIR to the correct path. See also: # https://wl.widelands.org/wiki/BzrPrimer/ === modified file 'pybb/util.py' --- pybb/util.py 2018-04-03 05:18:03 +0000 +++ pybb/util.py 2018-10-01 17:22:13 +0000 @@ -170,7 +170,10 @@ def quote_text(text, user, markup): """Quote message using selected markup.""" - text = '*' + user.username + ' wrote:*\n\n' + text + + quoted_username = settings.DELETED_USERNAME if user.wlprofile.deleted else user.username + + text = '*' + quoted_username + ' wrote:*\n\n' + text if markup == 'markdown': # Inserting a space after ">" will not change the generated HTML, === modified file 'settings.py' --- settings.py 2018-09-19 18:08:39 +0000 +++ settings.py 2018-10-01 17:22:13 +0000 @@ -330,6 +330,13 @@ DELETED_MAIL_ADDRESS = '' DELETED_USERNAME = 'Ex-Member' +################### +# Cookie settings # +################### + +# See: https://docs.djangoproject.com/en/dev/ref/settings/#csrf-cookie-age +CSRF_COOKIE_AGE = None + try: from local_settings import * except ImportError:
_______________________________________________ Mailing list: https://launchpad.net/~widelands-dev Post to : [email protected] Unsubscribe : https://launchpad.net/~widelands-dev More help : https://help.launchpad.net/ListHelp
