From 493622ab7e49d0ffcca0d50935a35dba80b30e39 Mon Sep 17 00:00:00 2001
From: sm4640
Date: Sat, 12 Apr 2025 15:53:08 +0900
Subject: [PATCH 1/2] =?UTF-8?q?=F0=9F=90=9B=20Fix:=20[#30]=20=EC=BF=A0?= =?UTF-8?q?=ED=82=A4=20secure=3Dnot=20settings.debug=EB=A1=9C=20=EC=88=98?= =?UTF-8?q?=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 users/views.py | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/users/views.py b/users/views.py
index 0d5d232..b70013f 100644
--- a/users/views.py
+++ b/users/views.py
@@ -1,3 +1,5 @@
+from django.conf import settings
+
 from django.shortcuts import get_object_or_404
 from rest_framework.views import APIView
@@ -28,7 +30,7 @@ class RefreshAPIView(APIView):
 serializer = TokenRefreshSerializer(data={'refresh': refresh})
 if serializer.is_valid():
 res = Response({"access": serializer.validated_data['access']}, status=status.HTTP_200_OK)
- res.set_cookie("refresh", serializer.validated_data['refresh'], httponly=True, samesite="Lax", secure=True)
+ res.set_cookie("refresh", serializer.validated_data['refresh'], httponly=True, samesite="Lax", secure=not settings.DEBUG)
 return res
 except TokenError as e:
 return Response({"message": f"Invalid token: {e}"}, status=status.HTTP_401_UNAUTHORIZED)
@@ -75,7 +77,7 @@ class LoginAPIView(APIView):
 },
 status=status.HTTP_200_OK,
 )
- res.set_cookie("refresh", serializer.validated_data['refresh'], httponly=True, samesite="Lax", secure=True)
+ res.set_cookie("refresh", serializer.validated_data['refresh'], httponly=True, samesite="Lax", secure=not settings.DEBUG)
 return res
 else:
 return Response(serializer.errors)
From a7dc98ee74cd9b77c66598072afde5f794400041 Mon Sep 17 00:00:00 2001
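Review bot: Deriving `secure` from `settings.DEBUG` in the RefreshAPIView hunk (and the identical line in the LoginAPIView hunk below it) means a deployment that accidentally ships with DEBUG=True also sends the refresh-token cookie over plain HTTP, so one misconfiguration silently weakens two protections at once. A dedicated setting keeps the transport decision explicit, e.g. `secure=getattr(settings, "REFRESH_COOKIE_SECURE", not settings.DEBUG)` (setting name is a constructed example), and since the two call sites already drifted apart once, a single helper such as `_set_refresh_cookie(res, token)` used by both views would stop that recurring. Neither call passes `max_age` or `expires`, so the refresh cookie lasts only for the browser session; if that is intended a short comment saying so would save the next reader from assuming it mirrors the token's own lifetime. The enclosing methods of both views start outside their hunks.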
From: sm4640
Date: Sat, 12 Apr 2025 15:53:55 +0900
Subject: [PATCH 2/2] =?UTF-8?q?=F0=9F=90=9B=20Fix:=20[#30]=20check=5Fuser?= =?UTF-8?q?=5Fportfolio=5Frel=20=EC=8B=9C=20try=20except?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 portfolios/views.py | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/portfolios/views.py b/portfolios/views.py
index a7a2e08..00d33ed 100644
--- a/portfolios/views.py
+++ b/portfolios/views.py
@@ -77,8 +77,11 @@ class PortfolioChangeState(APIView):
 portfolio = get_object_or_404(Portfolio, pk=pk)
 user = request.user
 action_type = request.query_params.get('type')
- if PortfolioBeforeRelCheckService.check_user_portfolio_rel(action_type, portfolio, user):
- return Response({"message": "already done"}, status=status.HTTP_400_BAD_REQUEST)
+ try:
+ if PortfolioBeforeRelCheckService.check_user_portfolio_rel(action_type, portfolio, user):
+ return Response({"message": "already done"}, status=status.HTTP_400_BAD_REQUEST)
+ except ValueError as e:
+ return Response({'message': str(e)}, status=status.HTTP_400_BAD_REQUEST)
 return self._handle_action(action_type, portfolio, user, add=True)
 @transaction.atomic
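Review bot: The new `except ValueError as e` handler returns `str(e)` verbatim, so whatever text `check_user_portfolio_rel` puts in the exception becomes the API response body; that is only appropriate if those messages are written for end users, and the same handler is repeated in the second hunk of this file. Because the `try` wraps the whole `if` statement rather than just the service call, a ValueError raised anywhere inside it is also reported as a 400; narrowing it to `try: already = PortfolioBeforeRelCheckService.check_user_portfolio_rel(action_type, portfolio, user)` / `except ValueError as e: return Response({'message': str(e)}, status=status.HTTP_400_BAD_REQUEST)` / `if already: return Response({"message": "already done"}, status=status.HTTP_400_BAD_REQUEST)` ties the handler to the call it is meant to cover. When the `type` query parameter is absent `action_type` is None, and whether the service raises ValueError for that or treats it as valid is not visible here, so a comment on the expected contract would help. The enclosing method's decorator and signature are outside the hunk.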
@@ -86,8 +89,11 @@ class PortfolioChangeState(APIView):
 portfolio = get_object_or_404(Portfolio, pk=pk)
 user = request.user
 action_type = request.query_params.get('type')
- if not PortfolioBeforeRelCheckService.check_user_portfolio_rel(action_type, portfolio, user):
- return Response({"message": "never done before"}, status=status.HTTP_400_BAD_REQUEST)
+ try:
+ if not PortfolioBeforeRelCheckService.check_user_portfolio_rel(action_type, portfolio, user):
+ return Response({"message": "never done before"}, status=status.HTTP_400_BAD_REQUEST)
+ except ValueError as e:
+ return Response({'message': str(e)}, status=status.HTTP_400_BAD_REQUEST)
 return self._handle_action(action_type, portfolio, user, add=False)
 def _handle_action(self, action_type, portfolio, user, add=True):