Remove signed_data_view decorator to support url type checking. (#1658)

* Remove signed_data_view decorator to support url type checking.

The package django-urlconfchecks was erroring on the toolbar's
URLs because signed_data_view was injecting an extra parameter
for the views. The alternative to the decorator isn't terrible
so let's use that instead. Eventually this can be shortened
with the walrus operator when py37 support is dropped.

* Use django-urlconfchecks in a URL to avoid adding it to docs' words list.

Author: tim-schilling

debug_toolbar/decorators.py

@@ -1,6 +1,6 @@
 import functools
 
-from django.http import Http404, HttpResponseBadRequest
+from django.http import Http404
 
 
 def require_show_toolbar(view):
@@ -15,21 +15,3 @@ def inner(request, *args, **kwargs):
         return view(request, *args, **kwargs)
 
     return inner
-
-
-def signed_data_view(view):
-    """Decorator that handles unpacking a signed data form"""
-
-    @functools.wraps(view)
-    def inner(request, *args, **kwargs):
-        from debug_toolbar.forms import SignedDataForm
-
-        data = request.GET if request.method == "GET" else request.POST
-        signed_form = SignedDataForm(data)
-        if signed_form.is_valid():
-            return view(
-                request, *args, verified_data=signed_form.verified_data(), **kwargs
-            )
-        return HttpResponseBadRequest("Invalid signature")
-
-    return inner

debug_toolbar/forms.py

@@ -21,7 +21,6 @@ class PanelForm(forms.Form):
             panel_form = PanelForm(signed_form.verified_data)
             if panel_form.is_valid():
                 # Success
-    Or wrap the FBV with ``debug_toolbar.decorators.signed_data_view``
     """
 
     salt = "django_debug_toolbar"

debug_toolbar/panels/sql/views.py

@@ -2,15 +2,27 @@
 from django.template.loader import render_to_string
 from django.views.decorators.csrf import csrf_exempt
 
-from debug_toolbar.decorators import require_show_toolbar, signed_data_view
+from debug_toolbar.decorators import require_show_toolbar
+from debug_toolbar.forms import SignedDataForm
 from debug_toolbar.panels.sql.forms import SQLSelectForm
 
 
+def get_signed_data(request):
+    """Unpack a signed data form, if invalid returns None"""
+    data = request.GET if request.method == "GET" else request.POST
+    signed_form = SignedDataForm(data)
+    if signed_form.is_valid():
+        return signed_form.verified_data()
+    return None
+
+
 @csrf_exempt
 @require_show_toolbar
-@signed_data_view
-def sql_select(request, verified_data):
+def sql_select(request):
     """Returns the output of the SQL SELECT statement"""
+    verified_data = get_signed_data(request)
+    if not verified_data:
+        return HttpResponseBadRequest("Invalid signature")
     form = SQLSelectForm(verified_data)
 
     if form.is_valid():
@@ -35,9 +47,11 @@ def sql_select(request, verified_data):
 
 @csrf_exempt
 @require_show_toolbar
-@signed_data_view
-def sql_explain(request, verified_data):
+def sql_explain(request):
     """Returns the output of the SQL EXPLAIN on the given query"""
+    verified_data = get_signed_data(request)
+    if not verified_data:
+        return HttpResponseBadRequest("Invalid signature")
     form = SQLSelectForm(verified_data)
 
     if form.is_valid():
@@ -71,9 +85,11 @@ def sql_explain(request, verified_data):
 
 @csrf_exempt
 @require_show_toolbar
-@signed_data_view
-def sql_profile(request, verified_data):
+def sql_profile(request):
     """Returns the output of running the SQL and getting the profiling statistics"""
+    verified_data = get_signed_data(request)
+    if not verified_data:
+        return HttpResponseBadRequest("Invalid signature")
     form = SQLSelectForm(verified_data)
 
     if form.is_valid():

docs/changes.rst

@@ -1,6 +1,12 @@
 Change log
 ==========
 
+Pending
+-------
+
+* Remove decorator ``signed_data_view`` as it was causing issues with
+  `django-urlconfchecks <https://github.com/AliSayyah/django-urlconfchecks/>`__.
+
 3.5.0 (2022-06-23)
 ------------------