Verifying kudos sender through github login. #4089
Walkthrough
The changes modify the
Changes
Sequence Diagram(s)
sequenceDiagram
participant Client
participant GiveKudosView
participant UserProfile as Sender Lookup
participant ReceiverModel as Receiver Lookup
Client->>GiveKudosView: POST request with sender_github and receiver info
GiveKudosView->>Sender Lookup: Retrieve sender using sender_github
alt Sender not found
Sender Lookup-->>GiveKudosView: Not found
GiveKudosView-->>Client: Return 404 error ("sender is missing")
else Sender found
Sender Lookup-->>GiveKudosView: Sender object
GiveKudosView->>ReceiverModel: Retrieve receiver using provided info
alt Receiver not found
ReceiverModel-->>GiveKudosView: Not found
GiveKudosView-->>Client: Return 404 error ("receiver not found")
else Receiver found
ReceiverModel-->>GiveKudosView: Receiver object
GiveKudosView-->>Client: Process kudos successfully
end
end
Actionable comments posted: 1
🧹 Nitpick comments (2)
website/views/teams.py (2)
247-251: Remove debug print statement
The print(sender_profile) statement appears to be for debugging purposes and should be removed before merging to production.
- print(sender_profile)
257-260: Improved error handling
The try-except block captures unexpected errors gracefully, though the error message could be more specific.
Consider adding more detail to the error message or logging the actual exception for better debugging:
except Exception as e: - return Response({"success": False, "error": "Unexpected error,Check The BLT usernames "}, status=400) + # Log the exception for debugging + print(f"Error in GiveKudosView: {str(e)}") + return Response({"success": False, "error": "Unexpected error. Please ensure GitHub usernames are correct."}, status=400)
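Review bot: the replacement except block reports the failure with print(f"Error in GiveKudosView: {str(e)}"), which drops the traceback and bypasses the application's log configuration; a module-level logger with logger.exception(...) keeps both. The same block still answers every unexpected exception with status=400, which tells the caller its input was wrong even when the fault is server-side; 500 fits an unexpected error, leaving 400 for the validation failures.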
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (4)
- blt/urls.py (2 hunks)
- website/migrations/0235_alter_lecture_content_alter_lecture_instructor.py (1 hunks)
- website/templates/team_overview.html (2 hunks)
- website/views/teams.py (2 hunks)
🧰 Additional context used
🧬 Code Definitions (1)
blt/urls.py (1)
website/views/teams.py (1)
GiveKudosView(226-260)
🔇 Additional comments (10)
website/templates/team_overview.html (2)
674-676: Good addition of sender identification
The code now retrieves the current user's username with a fallback mechanism. This ensures the sender information is always available for the kudos submission.
685-685: Correctly includes sender data in the request payload
Adding the sender's username to the JSON payload ensures proper attribution of kudos and integrates well with the new GiveKudosView class.
website/migrations/0235_alter_lecture_content_alter_lecture_instructor.py (1)
12-24: Migration properly modifies lecture model fields
The migration correctly modifies the lecture model by:
- Making the content field nullable and blank-able
- Converting the instructor field to a ForeignKey with proper cascade behavior
This change provides more flexibility in how lecture content is stored and instructor relationships are managed.
blt/urls.py (2)
280-280: Good import of the new class-based view
The import of GiveKudosView is correctly placed in the imports section and maintains the alphabetical ordering of imports.
999-999: URL pattern correctly updated to use class-based view
The URL pattern has been properly updated to use the new class-based view with .as_view() instead of the function-based view.
website/views/teams.py (5)
14-16: Appropriate imports for REST framework
Adding the necessary REST framework imports enables the use of class-based views and structured API responses.
17-17: Updated model import includes Kudos
The import statement now correctly includes the Kudos model needed by the new view.
226-229: Security consideration for authentication and permissions
The view is configured without authentication or permission requirements. This seems intentional but could potentially expose the endpoint to abuse.
Consider adding at least some basic authentication to prevent potential abuse of the kudos system. Alternatively, document the reasoning for keeping this endpoint open.
230-241: Improved input validation
The implementation properly validates the presence of required fields and returns appropriate HTTP status codes with descriptive error messages.
242-256: GitHub-based sender verification implementation
The code correctly implements sender verification through GitHub by:
- Finding the receiver user by username
- Finding the sender user by matching their GitHub URL in UserProfile
- Validating both sender and receiver existence
- Creating the Kudos object with proper attribution
This is a good implementation of the feature described in the PR title.
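The sender and receiver lookups from the sequence diagram, combined with the authentication concern raised for lines 226-229, as an added example that is not code from this PR or the BLT project. It is framework-free: the dictionaries stand in for the UserProfile and User tables, and the `receiver` and `comment` field names, the shared-token gate, and the 400/401/201 status codes are assumptions made for illustration.

```python
import hmac

# Constructed sample data standing in for the UserProfile and User tables.
PROFILES = {"https://github.com/alice-gh": "alice"}  # GitHub URL -> BLT username
USERS = {"alice", "bob"}
KUDOS = []  # stored (sender, receiver, comment) rows

API_TOKEN = "constructed-example-token"  # assumption: secret shared with the trusted caller


def give_kudos(payload, presented_token=None, require_token=True):
    """Return (status, body), following the lookups shown in the sequence diagram."""
    # Gate first: sender_github is only a claim in the request body, so an
    # open endpoint lets any caller attribute kudos to any linked account.
    if require_token and not hmac.compare_digest(
        (presented_token or "").encode(), API_TOKEN.encode()
    ):
        return 401, {"success": False, "error": "authentication required"}

    sender_github = (payload.get("sender_github") or "").strip()
    receiver_name = (payload.get("receiver") or "").strip()
    if not sender_github or not receiver_name:
        return 400, {"success": False, "error": "missing sender or receiver"}

    # Normalise the login to the stored profile URL form before the lookup.
    github_url = "https://github.com/" + sender_github.lstrip("@").lower()
    sender = PROFILES.get(github_url)
    if sender is None:
        return 404, {"success": False, "error": "sender is missing"}
    if receiver_name not in USERS:
        return 404, {"success": False, "error": "receiver not found"}

    KUDOS.append((sender, receiver_name, payload.get("comment", "")))
    return 201, {"success": True}
```

With `require_token=False` the function behaves like the open view the review describes: a request naming `alice-gh` as sender is accepted from any caller.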
/kudos

/kudos @krrish-sehgal for getting kudos working

Almost there!

/kudos @krrish-sehgal for getting kudos working

/kudos @krrish-sehgal

/kudos krrish__sehgal test-comment

🎉 Kudos from @krrish-sehgal to @krrish__sehgal! 🎉 test-comment ✅ Kudos successfully sent to the team API!

@DonnieBLT sir, it should be the BLT username after the /kudos.
* shifted to api
* pre commit changes
* pre-commit migration'
* made rabbit changes
* verifying sender by github profile
* pre commit fix
fixes a part of #3871
Summary by CodeRabbit
Bug Fixes
Refactor