Enhance captcha handling in BaseView and CaptchaWidget; streamline XHR responses in ViewAuth

aa.gustiana@gmail.com
Commit f1f27caf authored Sep 06, 2025 by aa.gustiana@gmail.com
Showing 3 changed files with 40 additions and 23 deletions
opensipkd/base/views/base_views.py
opensipkd/base/views/user_login.py
opensipkd/base/widgets/widget_os.py
--- a/opensipkd/base/views/base_views.py
+++ b/opensipkd/base/views/base_views.py
@@ -5,8 +5,10 @@ import os
 import re
 from datetime import datetime, date
 from email.utils import parseaddr
+from tarfile import data_filter
 from cgi import FieldStorage 
 from webob.multidict import MultiDict
+from opensipkd.tools.captcha import img_captcha
 import colander
 from datatables import ColumnDT
@@ -605,7 +607,15 @@ class BaseView(object):
    def returned_form(self, form, **kwargs):
        table = kwargs.get("table", None)
        if self.req.is_xhr:
-            return self.resp_xhr({"data": [form.cstruct]})
+            data =  form.cstruct
+            if "captcha" in form:
+                kode_captcha, file_name = img_captcha(self.req)
+                self.req.session["captcha"] = kode_captcha
+                url = self.get_captcha_url()
+                cstruct = url+file_name
+                data["captcha"] = cstruct
+            return self.resp_xhr({"data": data})
        resources = form.get_widget_resources()
        readonly = "readonly" in kwargs and kwargs["readonly"] or False
@@ -836,7 +846,7 @@ class BaseView(object):
                    value = self.before_add()
                    if self.req.is_xhr:
                        error = e.error.asdict()
-                        error.update(value)
+                        # error.update(value)
                        return self.resp_xhr({"error": error})
                    for f in e.field.children:
@@ -969,7 +979,8 @@ class BaseView(object):
            for val  in values["data"]:
                data.append(obj2json(val))
            values["data"] = data
+        else:
+            values["error"] = obj2json(values.get("error", {}))
        return Response(json=values)

--- a/opensipkd/base/views/user_login.py
+++ b/opensipkd/base/views/user_login.py
@@ -197,11 +197,14 @@ class ViewAuth(BaseView):
        if request.authenticated_userid:  # (request):
            message = 'Anda sudah login'
-            if self.req.is_xhr:
+            if request.is_xhr:
-                return Response(json={"error": 
+                user = request.user
-                                      {"code": "0000",
+                headers = get_login_headers(request, user)
-                                      "msg": message},
+                return xhr_response(user, headers)
-                                      "data":[]})
+                # return Response(json={"error": 
+                #                       {"code": "0000",
+                #                       "msg": message},
+                #                       "data":[]})
            request.session.flash('Anda sudah login', 'error')
            return HTTPFound(location=f"{request.home}")
@@ -313,7 +316,7 @@ class ViewAuth(BaseView):
            # d = self.form2dict(form)
            # d = d["children"]
            # d["permission"]=user.get_permissions()
-            return Response(json={"data": d})
+            # return Response(json={"data": d})
        if login_tpl:
            return render_to_response(
@@ -355,33 +358,34 @@ class ViewAuth(BaseView):
        return dict(form=form.render())
+def xhr_response(user, headers):
-def redirect_login(request, user):
-    set_user_log("Login Sukses", request, log, user.user_name)
-    for g in user.groups:
-        log.debug(f"Group: {g.id} as {g.group_name}")
-    headers = get_login_headers(request, user)
-    request.session.flash("Sukses Login")
-    next_url = request.params.get('next')
    partner = Partner.query_email(user.email).first()
    mobile = partner and partner.mobile or ""
    nama = partner and partner.nama or ""
    data = {
-        "data": [
+        "data": 
-            {
+            [{
                "user_id": user.user_name,
                "permission": user.get_permissions(),
                "token": user.security_code,
                "mobile": mobile,
                "email": user.email,
                "nama": nama,
-            }
+            }]
-        ],
    }
+    return Response(json=data, headerlist=headers)
+def redirect_login(request, user):
+    set_user_log("Login Sukses", request, log, user.user_name)
+    for g in user.groups:
+        log.debug(f"Group: {g.id} as {g.group_name}")
+    headers = get_login_headers(request, user)
    if request.is_xhr:
-        return Response(json=data, headerlist=headers)
+        return xhr_response(user, headers)
+    next_url = request.params.get('next')
    if not next_url and request.matched_route.name == 'login':
        url = get_params('modules_default', 'base-home')

--- a/opensipkd/base/widgets/widget_os.py
+++ b/opensipkd/base/widgets/widget_os.py
@@ -370,11 +370,13 @@ class CaptchaWidget(Widget):
    strip = True
    requirements = ()
    request = None
+    url = ""
    def __init__(self, **kw):
        super(CaptchaWidget, self).__init__(**kw)
    def serialize(self, field, cstruct, **kw):
+        file_name = ""
        if not cstruct:
            kode_captcha, file_name = img_captcha(self.request)
            self.request.session["captcha"] = kode_captcha