From 4877e859bdcbfd8be7bcd567c21eaef566ddc5b5 Mon Sep 17 00:00:00 2001 From: Daniel Date: Tue, 26 May 2026 12:01:15 +0200 Subject: [PATCH] fix: update HTTP method requirements for borrar_producto and eliminar_direccion views to require POST only --- .dockerignore | 12 +++++++++++- Dockerfile | 22 +++++++++++++++++++--- tienda/tests.py | 4 ++-- tienda/views.py | 7 ++----- 4 files changed, 34 insertions(+), 11 deletions(-) diff --git a/.dockerignore b/.dockerignore index dbb263f..01639ee 100644 --- a/.dockerignore +++ b/.dockerignore @@ -6,4 +6,14 @@ venv .venv db.sqlite3 static -media \ No newline at end of file +media +docs +logs +staticfiles +.gitignore +AGENTS.md +Dockerfile +Makefile +nginx.conf +Procfile +uv.lock \ No newline at end of file diff --git a/Dockerfile b/Dockerfile index 3353fe0..4a05b8c 100644 --- a/Dockerfile +++ b/Dockerfile @@ -4,18 +4,34 @@ ENV PYTHONDONTWRITEBYTECODE=1 ENV PYTHONUNBUFFERED=1 WORKDIR /app -COPY pyproject.toml uv.lock /app/ +COPY pyproject.toml uv.lock /app/ -RUN apk --no-cache update && apk --no-cache upgrade \ +RUN apk --no-cache update \ +&& apk --no-cache upgrade \ +&& apk --no-cache add \ + build-base \ + freetype-dev \ + jpeg-dev \ + zlib-dev \ && pip install --no-cache-dir uv \ && uv sync --no-dev --no-install-project # Install only dependencies, not the local project package -COPY . /app/ +COPY ./entrypoint.sh /app/entrypoint.sh RUN chmod +x /app/entrypoint.sh +COPY ./proyecto /app/proyecto +COPY ./tienda /app/tienda +COPY ./manage.py /app/manage.py + EXPOSE 8000 RUN mkdir -pv /fonts COPY tienda/static/fonts/ /fonts/ +RUN addgroup -S app \ +&& adduser -S app -G app \ +&& chown -R app:app /app /fonts + +USER app + ENTRYPOINT ["/bin/sh", "/app/entrypoint.sh"] diff --git a/tienda/tests.py b/tienda/tests.py index 3deccee..932f6b9 100644 --- a/tienda/tests.py +++ b/tienda/tests.py 
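Review bot: The new `uv.lock` entry removes the lockfile from the build context, yet the Dockerfile in this same patch still runs `COPY pyproject.toml uv.lock /app/`, so that step should fail because the source file is no longer available to the builder. If a builder did tolerate the missing file, `uv sync` would resolve dependencies without the lock and the image would stop being built from pinned versions. Drop the `uv.lock` line from this list; the `Dockerfile` entry is harmless because the builder reads that file regardless of the ignore list. Lines 1-5 of `.dockerignore` are outside the hunk, so whether `.git` and secret-bearing files such as `.env` are already excluded cannot be checked from here.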
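Review bot: `chown -R app:app /app /fonts` gives the unprivileged runtime user ownership of the application code and of whatever `uv sync` installed under `/app`, so a file-write bug in the application could alter code that is executed on the next request or restart. Dropping root protects most when the code stays read-only to `app`. Leave `/app` owned by root and grant ownership only on the directories the process must write, e.g. `&& chown -R app:app <WRITABLE_DIRS>` (placeholder, since what `entrypoint.sh` writes is not visible here). Separately, `build-base` and the `-dev` packages remain in the final image; if they are needed only to compile wheels, install them with `apk add --no-cache --virtual .build-deps ...` and run `apk del .build-deps` after `uv sync`, keeping the runtime libraries. Using `uv sync --locked` would also make the build fail rather than silently re-resolve when `uv.lock` is stale.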
@@ -1786,7 +1786,7 @@ class EndpointViewTests(TestCase): self.assertTrue(OrderMessage.objects.filter(order_item=item, sender=self.seller).exists()) delete_get = self.client.get(reverse("borrar_producto", args=[created.id])) - self.assertEqual(delete_get.status_code, 302) + self.assertEqual(delete_get.status_code, 405) delete_post = self.client.post(reverse("borrar_producto", args=[created.id])) self.assertEqual(delete_post.status_code, 302) self.assertFalse(Product.objects.filter(id=created.id).exists()) @@ -2068,7 +2068,7 @@ class EndpointViewTests(TestCase): self.assertEqual(new_address.full_name, "Comprador Dos Editado") delete_get = self.client.get(reverse("eliminar_direccion", args=[new_address.id])) - self.assertEqual(delete_get.status_code, 302) + self.assertEqual(delete_get.status_code, 405) delete_post = self.client.post(reverse("eliminar_direccion", args=[new_address.id])) self.assertEqual(delete_post.status_code, 302) self.assertFalse(ShippingAddress.objects.filter(id=new_address.id).exists()) diff --git a/tienda/views.py b/tienda/views.py index b6391a1..087527e 100644 --- a/tienda/views.py +++ b/tienda/views.py @@ -1030,7 +1030,7 @@ def editar_producto(request: HttpRequest, id: int): }) @login_required -@require_http_methods(["GET", "POST"]) +@require_POST def borrar_producto(request: HttpRequest, id: int): """Borra un producto del usuario autenticado""" @@ -2191,12 +2191,9 @@ def editar_direccion(request: HttpRequest, id: int): @login_required -@require_http_methods(["GET", "POST"]) +@require_POST def eliminar_direccion(request: HttpRequest, id: int): """Elimina una dirección de entrega""" - if request.method != "POST": - messages.error(request, "Acción no permitida.") - return redirect("direcciones_usuario") direccion = get_object_or_404(ShippingAddress, id=id, user=request.user) direccion.delete()
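Review bot: Both updated assertions (`borrar_producto` here and `eliminar_direccion` in the second tests.py hunk) pin only the 405 on GET; nothing checks that a POST without a CSRF token is refused, which is the protection that moving deletion to POST-only is meant to bring. Django's test client skips CSRF checks unless it is built with `enforce_csrf_checks=True`, so, assuming `self.client` is the TestCase default (its setup is outside the hunk), the existing POSTs pass whether or not the check is active. Before the deleting POST, add a tokenless request such as `c = Client(enforce_csrf_checks=True); c.force_login(self.seller)` followed by `self.assertEqual(c.post(reverse("borrar_producto", args=[created.id])).status_code, 403)`. The address test needs the same case with its own user. Both test methods start and end outside the hunks.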
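Review bot: Only the decorator changes for `borrar_producto`, whose body lies outside the hunk; the old test expected a 302 on GET, which suggests the body still holds a non-POST branch like the one this patch deletes from `eliminar_direccion`. With `@require_POST` in place that branch can no longer run, so it should be removed as well to keep the two views consistent. No import line changes anywhere in this diff, so confirm that `require_POST` is already imported from `django.views.decorators.http` and that `require_http_methods` is still used elsewhere in the file.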
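Review bot: A GET to `eliminar_direccion` used to produce the message "Acción no permitida." and a redirect to `direcciones_usuario`; it now returns a bare 405, so any template that still triggers the deletion through a plain link will show the user an error page. The templates are not part of this diff, so check that both delete actions are rendered as `<form method="post">` with `{% csrf_token %}`. A short comment above the decorator would record the intent, e.g. `# POST only: GET is exempt from CSRF checks, so deletion must not be reachable through it.` The function body appears to continue past the end of the hunk.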