Gitiles
Code Review Sign In
git.clicks.codes / Clicks / Forks / ERPNext / 8b744b2d03eb88b4674503836c3fa2da66674de6^! / . / erpnext
commit8b744b2d03eb88b4674503836c3fa2da66674de6[log] [tgz]
authorPranav Nachanekar <pranav@Pranavs-MacBook-Pro.local>Mon Sep 23 15:55:35 2019 +0530
committerPranav Nachanekar <pranav@Pranavs-MacBook-Pro.local>Mon Sep 23 15:55:35 2019 +0530
tree2b04fdd120438c309320d92180892957423892e4
parenta35e34b5f0f36323fd0941f5eb2070a5c4510622 [diff]
Added request verification and url encoding

diff --git a/erpnext/crm/doctype/appointment/appointment.py b/erpnext/crm/doctype/appointment/appointment.py
index 260026c..a495b91 100644
--- a/erpnext/crm/doctype/appointment/appointment.py
+++ b/erpnext/crm/doctype/appointment/appointment.py

@@ -4,6 +4,7 @@
 
 from __future__ import unicode_literals
 
+import urllib
 from collections import Counter
 from datetime import timedelta
 
@@ -11,6 +12,8 @@
 from frappe import _
 from frappe.model.document import Document
 from frappe.desk.form.assign_to import add as add_assignemnt
+from frappe.utils import get_url
+from frappe.utils.verified_command import verify_request,get_signed_params
 
 
 class Appointment(Document):
@@ -40,13 +43,23 @@
 			# Set status to unverified
 			self.status = 'Unverified'
 			# Send email to confirm
-			verify_url = ''.join([frappe.utils.get_url(),'/book-appointment/verify?email=',self.customer_email,'&appointment=',self.name])
+			verify_url = self.get_verify_url()
 			message = ''.join(['Please click the following link to confirm your appointment:',verify_url])
 			frappe.sendmail(recipients=[self.customer_email], 
 							message=message,
 							subject=_('Appointment Confirmation'))
 			frappe.msgprint('Please check your email to confirm the appointment')
 
+	def get_verify_url(self):
+		verify_route = '/book-appointment/verify'
+
+		params = {
+			'email':self.customer_email,
+			'appointment':self.name
+		}
+
+		return get_url(verify_route + '?' + get_signed_params(params))
+
 	def on_update(self):
 		# Sync Calednar
 		if not self.calendar_event:
@@ -60,8 +73,9 @@
 			frappe.throw('Email verification failed.')
 		# Create new lead
 		self.create_lead()
-		# Create calender event
+		# Remove unverified status
 		self.status = 'Open'
+		# Create calender event
 		self.create_calendar_event()
 		self.save(ignore_permissions=True)
 		frappe.db.commit()

diff --git a/erpnext/www/book-appointment/verify/index.py b/erpnext/www/book-appointment/verify/index.py
index d25b505..86f9515 100644
--- a/erpnext/www/book-appointment/verify/index.py
+++ b/erpnext/www/book-appointment/verify/index.py

@@ -1,8 +1,14 @@
 import frappe
+from frappe.utils.verified_command import verify_request
 @frappe.whitelist(allow_guest=True)
 def get_context(context):
+    if not verify_request():
+        context.success = False
+        return context
+    
     email = frappe.form_dict['email']
     appointment_name = frappe.form_dict['appointment']
+
     if email and appointment_name:
         appointment = frappe.get_doc('Appointment',appointment_name)
         appointment.set_verified(email)