From 3d6dff359d75346cd4c6351b6a6890f7c5191908 Mon Sep 17 00:00:00 2001
From: Kevin Mok
Date: Tue, 6 Nov 2018 21:45:52 -0500
Subject: [PATCH] Store user id/secret in session upon login (#61)

History table uses session's user_id instead of secret in URL.
---
 graphs/templates/graphs/logged_in.html | 2 +-
 graphs/urls.py | 5 +++--
 graphs/views.py | 4 ++--
 login/views.py | 7 +++++++
 4 files changed, 13 insertions(+), 5 deletions(-)
diff --git a/graphs/templates/graphs/logged_in.html b/graphs/templates/graphs/logged_in.html
index a804be1..f34655d 100644
--- a/graphs/templates/graphs/logged_in.html
+++ b/graphs/templates/graphs/logged_in.html
@@ -16,7 +16,7 @@ Artists - + History
diff --git a/graphs/urls.py b/graphs/urls.py
index 3d9c0c8..7f985e1 100644
--- a/graphs/urls.py
+++ b/graphs/urls.py
@@ -10,6 +10,7 @@ urlpatterns = [
 name='display_genre_graph'),
 path('audio_features/', display_features_graphs,
 name='display_audio_features'),
- path('history/', display_history_table,
- name='display_history_table'),
+ # path('history/', display_history_table,
+ # name='display_history_table'),
+ path('history/', display_history_table, name='display_history_table'),
 ]
diff --git a/graphs/views.py b/graphs/views.py
index 6a9811e..85fa94c 100644
--- a/graphs/views.py
+++ b/graphs/views.py
@@ -43,14 +43,14 @@ def display_features_graphs(request, user_secret):
 return render(request, "graphs/features_graphs.html", get_secret_context(user_secret))
-def display_history_table(request, user_secret):
+def display_history_table(request):
 """Renders the user history page
 :param request: the HTTP request
 :param user_secret: user secret used for identification
 :return: renders the user history page
 """
- user_id = User.objects.get(secret=user_secret).id
+ user_id = request.session['user_id']
 user_history = History.objects.filter(user__exact=user_id).order_by('-timestamp')
 history_table = HistoryTable(user_history)
 history_table.exclude = ('id', 'user', 'track', )
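Review bot: The two commented-out lines `# path('history/', display_history_table,` and `# name='display_history_table'),` in the graphs/urls.py hunk should be deleted rather than kept beside the new route; the old form is preserved in version control, and a stale route left as a comment invites re-enabling a pattern the view signature no longer accepts. The same applies to `# request.session['user_secret'] = user_obj.secret` in the admin_graphs hunk of login/views.py. The neighbouring `audio_features/` route still points at `display_features_graphs(request, user_secret)` (visible in the graphs/views.py hunk header), so the secret-in-URL lookup presumably remains for the other graph views and would benefit from the same session-based change.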
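Review bot: `request.session['user_id']` in display_history_table (graphs/views.py) raises KeyError for any request whose session carries no `user_id`, such as a visitor who has not logged in or whose session expired, and that surfaces as a 500 rather than a trip back to login. Read it with `user_id = request.session.get('user_id')` and bail out early with `if user_id is None: return redirect(LOGIN_URL_NAME)`, where LOGIN_URL_NAME is a placeholder for the project's own login route. The docstring still documents `:param user_secret:`, which is no longer a parameter, so that line should be dropped. The function body continues past the end of the hunk.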
diff --git a/login/views.py b/login/views.py
index 17db2a5..649ced2 100644
--- a/login/views.py
+++ b/login/views.py
@@ -74,6 +74,9 @@ def callback(request):
 user_obj = create_user(token_response['refresh_token'], token_response['access_token'], token_response['expires_in'])
+
+ request.session['user_id'] = user_obj.id
+ request.session['user_secret'] = user_obj.secret
 return render(request, 'login/scan.html', get_user_context(user_obj))
@@ -86,6 +89,10 @@ def admin_graphs(request):
 """
 user_id = "polarbier"
 # user_id = "chrisshyi13"
+
+ request.session['user_id'] = user_id
+ # request.session['user_secret'] = user_obj.secret
+ request.session['user_secret'] = User.objects.get(id=user_id).secret
 user_obj = User.objects.get(id=user_id)
 return render(request, 'graphs/logged_in.html', get_user_context(user_obj))
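Review bot: The session in callback is populated without rotating the session key, so a session id issued before the OAuth round-trip stays valid once it identifies a user; add `request.session.cycle_key()` before the two assignments, which is what Django's own `login()` does for the same reason. Storing `user_secret` next to `user_id` also looks redundant, since the secret can be looked up from the id when needed, and if the project uses the signed-cookie session backend the value would be readable by the client, so this is worth checking against `SESSION_ENGINE`. callback starts above the hunk, so how the token response is validated before this point is not visible here.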
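Review bot: admin_graphs now writes the hard-coded `user_id = "polarbier"` and that user's secret into the session of whoever requests the view, so unless the route is access-restricted (no check is visible in the hunk, and the function starts above it) the requester's session is afterwards treated by display_history_table as that user. Gate the view behind a staff-only or DEBUG-only check, or keep the session writes out of it. Separately, `User.objects.get(id=user_id)` runs twice for the same row: move `user_obj = User.objects.get(id=user_id)` above the session lines and write `request.session['user_secret'] = user_obj.secret`.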