Adding InvalidView and verify_invite views to whitelist (user should …

…be able to access these without being in beta).

Enforcing login requirements before invitee with new code can be validated.  If user is not logged in, she is redirected to auth login page.  If auth 'next' feature is used, a successful login will then redirect to VerifiedView view.

.gitignor-ing Vagrant settings used for local development

Added test scenario for invalid Invite Code

.gitignore

@@ -57,4 +57,7 @@ media/c/m.scss
 
 media/c/m.scss
 
-*.sqlite
+*.sqlite
+
+vagrant_bootstrap.sh
+Vagrantfile

docs/example_app.rst

@@ -12,7 +12,7 @@ Clone the repo and run the included example django project::
 Guide
 -----
 
-The example app utlizes a basic configuration with
+The example app utilizes a basic configuration with
 `django-registration
 <https://bitbucket.org/ubernostrum/django-registration>`_ for
 verifying emails. Therefore the list of views in

hunger/middleware.py

@@ -58,7 +58,9 @@ def process_view(self, request, view_func, view_args, view_kwargs):
                                'django.contrib.staticfiles.views']
 
         # All hunger views, except NotBetaView, are off limits until in beta
-        whitelisted_views = ['hunger.views.NotBetaView']
+        whitelisted_views = ['hunger.views.NotBetaView',
+                             'hunger.views.verify_invite',
+                             'hunger.views.InvalidView']
 
         short_name = view_func.__class__.__name__
         if short_name == 'function':

hunger/templates/hunger/invalid.html

@@ -0,0 +1 @@
+You have an invalid Invite Code.

hunger/views.py

@@ -5,6 +5,7 @@
 from hunger.utils import setting, now
 from django.views.generic.base import TemplateView
 from django.views.generic.edit import FormView
+from django.contrib.auth.decorators import login_required
 
 
 class InviteView(FormView):
@@ -55,7 +56,11 @@ class InviteSentView(TemplateView):
     template_name = 'hunger/invite_sent.html'
 
 
+@login_required
 def verify_invite(request, code):
+    """
+    Verify new invitee by storing invite code in cookie for middleware to validate.
+    """
     response = redirect(setting('HUNGER_VERIFIED_REDIRECT'))
     response.set_cookie('hunger_code', code)
     return response

tests/tests.py

@@ -116,3 +116,9 @@ def test_invite_existing_user_without_email(self):
         response = self.client.get(reverse('invited_only'))
         # Alice should be denied, since she has no connection with email account
         self.assertEqual(response.status_code, 302)
+
+    def test_invalid_code(self):
+        invalid_code = 'XXXXinvalidcodeXXXX'
+        self.client.login(username='alice', password='secret')
+        response = self.client.get(reverse('hunger-verify', args=[invalid_code]), follow=True)
+        self.assertRedirects(response, reverse('hunger-invalid', args=[invalid_code]))