diff --git a/cgi-bin/form.py b/cgi-bin/form.py index 7f08fa6..f047682 100755 --- a/cgi-bin/form.py +++ b/cgi-bin/form.py @@ -1,17 +1,17 @@ #!/usr/bin/env python import base64 -import io import cgi import collections from collections.abc import Mapping import hmac -import mimetypes -import re -import os -import secrets import json +import mimetypes +import os +import re +import secrets from typing import Any, Optional, overload +from urllib.parse import urljoin import itsdangerous import requests @@ -303,7 +303,7 @@ ticket_details["Kontaktformular"] = form_name # testing). form_group = os.environ.get("ZAMMAD_GROUP", "") or form_group -ZAMMAD_URL = os.environ.get("ZAMMAD_URL", "").rstrip("/") +ZAMMAD_URL = os.environ.get("ZAMMAD_URL", "") ZAMMAD_TOKEN = os.environ.get("ZAMMAD_TOKEN", "") session.headers.update(Authorization=f"Token token={ZAMMAD_TOKEN}") @@ -315,7 +315,7 @@ try: # [1]: https://docs.zammad.org/en/latest/api/ticket/index.html#create # [2]: https://codeberg.org/angestoepselt/homepage/issues/141 response = session.post( - f"{ZAMMAD_URL}/api/v1/users", + urljoin(ZAMMAD_URL, "api/v1/users"), json=dict( # Yes, yes... This goes against pretty much all best practices for parsing # names. But: it's only internal and we save the name verbatim again below @@ -335,7 +335,7 @@ try: # Add the actual ticket to the system. response = session.post( - f"{ZAMMAD_URL}/api/v1/tickets", + urljoin(ZAMMAD_URL, "api/v1/tickets"), headers={ "X-On-Behalf-Of": contact_email, }, @@ -364,7 +364,7 @@ try: # Add a second article to the ticket that contains all the other information # from the contact form. response = session.post( - f"{ZAMMAD_URL}/api/v1/ticket_articles", + urljoin(ZAMMAD_URL, "api/v1/ticket_articles"), json=dict( ticket_id=ticket_id, type="note", @@ -379,7 +379,7 @@ try: # Add a tag to the ticket, denoting which contact form it came from. response = session.post( - f"{ZAMMAD_URL}/api/v1/tags/add", + urljoin(ZAMMAD_URL, "api/v1/tags/add"), json=dict( object="Ticket", o_id=ticket_id,