Skip to content
GitLab
Menu
Projects
Groups
Snippets
/
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
Menu
Open sidebar
Turris
reForis
reForis
Commits
873ce021
Verified
Commit
873ce021
authored
Aug 06, 2019
by
Bogdan Bodnar
Browse files
Return 403 when unlogged instead of redirect.
parent
d4fba176
Pipeline
#51008
passed with stage
in 2 minutes and 22 seconds
Changes
5
Pipelines
1
Hide whitespace changes
Inline
Side-by-side
js/src/common/API.js
View file @
873ce021
...
...
@@ -5,7 +5,9 @@
* See /LICENSE for more information.
*/
const
API_URL_PREFIX
=
process
.
env
.
LIGHTTPD
?
'
/reforis/api
'
:
'
/api
'
;
import
{
REFORIS_URL_PREFIX
}
from
'
./constants
'
;
const
API_URL_PREFIX
=
`
${
REFORIS_URL_PREFIX
}
/api`
;
const
API_URLs
=
new
Proxy
({
notifications
:
'
/notifications
'
,
...
...
js/src/common/APIhooks.js
View file @
873ce021
...
...
@@ -7,6 +7,7 @@
import
{
useCallback
,
useReducer
}
from
'
react
'
;
import
axios
from
'
axios
'
;
import
{
ForisURLs
}
from
'
./constants
'
;
const
POST_HEADERS
=
{
'
Accept
'
:
'
application/json
'
,
...
...
@@ -58,7 +59,7 @@ export function useAPIGet(url) {
});
dispatch
({
type
:
API_ACTIONS
.
SUCCESS
,
payload
:
result
.
data
});
}
catch
(
error
)
{
dispatch
({
type
:
API_ACTIONS
.
FAILURE
,
payload
:
error
.
response
.
data
});
dispatch
({
type
:
API_ACTIONS
.
FAILURE
,
payload
:
error
.
response
.
data
,
status
:
error
.
response
.
status
});
}
},
[
url
]);
...
...
@@ -81,6 +82,8 @@ const APIGetReducer = (state, action) => {
data
:
action
.
payload
,
};
case
API_ACTIONS
.
FAILURE
:
if
(
action
.
status
===
403
)
window
.
location
.
assign
(
ForisURLs
.
login
);
return
{
...
state
,
isLoading
:
false
,
...
...
@@ -109,7 +112,7 @@ export function useAPIPost(url) {
});
dispatch
({
type
:
API_ACTIONS
.
SUCCESS
,
payload
:
result
.
data
});
}
catch
(
error
)
{
dispatch
({
type
:
API_ACTIONS
.
FAILURE
,
payload
:
error
.
response
.
data
});
dispatch
({
type
:
API_ACTIONS
.
FAILURE
,
payload
:
error
.
response
.
data
,
status
:
error
.
response
.
status
});
}
};
return
[
state
,
post
];
...
...
@@ -133,6 +136,8 @@ const APIPostReducer = (state, action) => {
data
:
action
.
payload
};
case
API_ACTIONS
.
FAILURE
:
if
(
action
.
status
===
403
)
window
.
location
.
assign
(
ForisURLs
.
login
);
return
{
...
state
,
isSending
:
false
,
...
...
reforis/auth.py
View file @
873ce021
...
...
@@ -12,7 +12,7 @@ Set of authentication helpers.
import
base64
from
flask
import
session
,
redirect
,
current_app
,
request
,
url_for
from
flask
import
session
,
current_app
,
request
,
render_template
def
login_to_foris
(
password
):
...
...
@@ -61,6 +61,7 @@ def register_login_required(app):
:param app: Flask application
"""
# pylint: disable=unused-variable,inconsistent-return-statements
@
app
.
before_request
def
require_login
():
...
...
@@ -88,4 +89,4 @@ def register_login_required(app):
if
not
view
:
return
return
re
direct
(
url_for
(
'Foris.login'
))
return
re
nder_template
(
'errors/403.html'
),
403
reforis/templates/errors/403.html
0 → 100644
View file @
873ce021
{% extends 'base.html' %}
{% block title %}
{% trans %}403 - Forbidden{% endtrans %}
{% endblock %}
{% block content %}
<h1>
403
</h1>
<h3>
{% trans %}Forbidden You don't have permission to access{% endtrans %}
</h3>
<a>
{% trans %}Do you want to
<a
href=
"{url_for('Foris.login')}"
>
log in
</a>
?{% endtrans %}
</a>
{% endblock %}
tests/test_auth.py
View file @
873ce021
...
...
@@ -35,11 +35,10 @@ def test_login_is_open(client):
assert
response
.
status_code
==
200
def
test_login_
redirect
(
client
):
def
test_login_
403
(
client
):
client
.
get
(
'/logout'
)
# Make sure user is logged out.
response
=
client
.
get
(
'/'
)
assert
response
.
status_code
==
302
assert
'/login'
in
response
.
headers
[
'Location'
]
assert
response
.
status_code
==
403
def
test_redirect_when_logged
(
client
):
...
...
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment