From 2bb910ea15cb47f883f2e00f8381652ae620db1b Mon Sep 17 00:00:00 2001
From: Marek Marecki <marekjm@ozro.pw>
Date: Sun, 23 Apr 2017 16:19:27 +0200
Subject: [PATCH] For some reason Diaspy cannot add users to aspects

---
 diaspy/errors.py |  3 +++
 diaspy/models.py | 26 ++++++++++++++++++++------
 2 files changed, 23 insertions(+), 6 deletions(-)

diff --git a/diaspy/errors.py b/diaspy/errors.py
index 443249b..08e5f5a 100644
--- a/diaspy/errors.py
+++ b/diaspy/errors.py
@@ -39,6 +39,9 @@ class LoginError(DiaspyError):
 class TokenError(DiaspyError):
     pass
 
+class CSRFProtectionKickedIn(TokenError):
+    pass
+
 
 class DataError(DiaspyError):
     pass
diff --git a/diaspy/models.py b/diaspy/models.py
index 38f9c78..8371194 100644
--- a/diaspy/models.py
+++ b/diaspy/models.py
@@ -80,18 +80,19 @@ class Aspect():
         users_in_aspect = self._defineusers(ajax, personids)
         return self._getguids(users_in_aspect, usernames)
 
-    def addUser(self, user_id):
+    def addUser(self, user):
         """Add user to current aspect.
 
         :param user_id: user to add to aspect
         :type user_id: int
         :returns: JSON from request
         """
-        data = {'authenticity_token': repr(self._connection),
-                'aspect_id': self.id,
-                'person_id': user_id}
+        data = {
+            'aspect_id': self.id,
+            'person_id': user.id(),
+        }
 
-        request = self._connection.post('aspect_memberships.json', data=data)
+        request = self._connection.tokenFrom('contacts').post('aspect_memberships', data=data)
 
         if request.status_code == 400:
             raise errors.AspectError('duplicate record, user already exists in aspect: {0}'.format(request.status_code))
@@ -99,7 +100,20 @@ class Aspect():
             raise errors.AspectError('user not found from this pod: {0}'.format(request.status_code))
         elif request.status_code != 200:
             raise errors.AspectError('wrong status code: {0}'.format(request.status_code))
-        return request.json()
+
+        response = None
+        try:
+            response = request.json()
+        except json.decoder.JSONDecodeError:
+            # FIXME For some (?) reason removing users from aspects works, but
+            # adding them is a no-go and Diaspora* kicks us out with CSRF errors.
+            # Weird.
+            pass
+
+        if response is None:
+            raise errors.CSRFProtectionKickedIn()
+
+        return response
 
     def removeUser(self, user):
         """Remove user from current aspect.
-- 
2.25.1