Post comments with REST Web API without DRF not working in versions >2.6.2

danirus / django-comments-xtd

A pluggable Django comments application with thread support, follow-up notifications, mail confirmation, like/dislike flags, moderation, a ReactJS plugin and Bootstrap 5.3.

https://django-comments-xtd.readthedocs.io

BSD 2-Clause "Simplified" License

594 stars 158 forks source link

Post comments with REST Web API without DRF not working in versions >2.6.2 #229

Closed TommasoAmici closed 3 years ago

TommasoAmici commented 3 years ago

In version 2.7.0 this was added

support to allow Django REST Framework authentication classes

The old workflow with timestamp and security_hash doesn't seem to work on versions after 2.6.2. Is this behavior intended?

danirus commented 3 years ago

No, it should work provided an empty honeypot field, a valid timestamp and security_hash. Version 2.7.0 allows posting comments with the REST API without those fields, but has to work with them too.

TommasoAmici commented 3 years ago

Ok, I've managed to make it work, thanks. This is what I changed:

const data: CommentPayload = {
      object_pk: commentsProps.form.object_pk,
      content_type: commentsProps.form.content_type,
-     reply_to: commentID !== null ? commentID : "0",
+     reply_to: commentID !== null ? parseInt(commentID) : 0,
-     honeypot: "",
    };

danirus commented 3 years ago

Thanks for your feedback! You shouldn't have to remove the honeypot field. So it's a bug.