Verified Commit 873ce021 authored by Bogdan Bodnar's avatar Bogdan Bodnar

Return 403 when not logged in instead of redirecting.

parent d4fba176
......@@ -5,7 +5,9 @@
* See /LICENSE for more information.
*/
const API_URL_PREFIX = process.env.LIGHTTPD ? '/reforis/api' : '/api';
import {REFORIS_URL_PREFIX} from './constants';
const API_URL_PREFIX = `${REFORIS_URL_PREFIX}/api`;
const API_URLs = new Proxy({
notifications: '/notifications',
......
......@@ -7,6 +7,7 @@
import {useCallback, useReducer} from 'react';
import axios from 'axios';
import {ForisURLs} from './constants';
const POST_HEADERS = {
'Accept': 'application/json',
......@@ -58,7 +59,7 @@ export function useAPIGet(url) {
});
dispatch({type: API_ACTIONS.SUCCESS, payload: result.data});
} catch (error) {
dispatch({type: API_ACTIONS.FAILURE, payload: error.response.data});
dispatch({type: API_ACTIONS.FAILURE, payload: error.response.data, status: error.response.status});
}
}, [url]);
......@@ -81,6 +82,8 @@ const APIGetReducer = (state, action) => {
data: action.payload,
};
case API_ACTIONS.FAILURE:
if (action.status === 403)
window.location.assign(ForisURLs.login);
return {
...state,
isLoading: false,
......@@ -109,7 +112,7 @@ export function useAPIPost(url) {
});
dispatch({type: API_ACTIONS.SUCCESS, payload: result.data});
} catch (error) {
dispatch({type: API_ACTIONS.FAILURE, payload: error.response.data});
dispatch({type: API_ACTIONS.FAILURE, payload: error.response.data, status: error.response.status});
}
};
return [state, post];
......@@ -133,6 +136,8 @@ const APIPostReducer = (state, action) => {
data: action.payload
};
case API_ACTIONS.FAILURE:
if (action.status === 403)
window.location.assign(ForisURLs.login);
return {
...state,
isSending: false,
......
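Review bot: `window.location.assign(ForisURLs.login)` inside `APIGetReducer` and `APIPostReducer` makes the reducers impure: the navigation fires during the dispatch/render phase rather than as an effect, and a reducer may be invoked more than once for the same action (React StrictMode does this), so the redirect belongs in the `catch` block of `get`/`post` or in a `useEffect` keyed on a status kept in state. The same hunks also read `error.response.data` and `error.response.status` unconditionally; an axios error without a response (network failure, timeout) has `error.response` undefined, so the catch block itself throws and no FAILURE action is dispatched at all. Guard it once in both places: `const {data, status} = error.response || {};` followed by `dispatch({type: API_ACTIONS.FAILURE, payload: data, status});`. Both `if (action.status === 403)` statements also omit braces, which the surrounding code appears to use consistently. Both reducers begin and end outside their hunks.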
......@@ -12,7 +12,7 @@ Set of authentication helpers.
import base64
from flask import session, redirect, current_app, request, url_for
from flask import session, current_app, request, render_template
def login_to_foris(password):
......@@ -61,6 +61,7 @@ def register_login_required(app):
:param app: Flask application
"""
# pylint: disable=unused-variable,inconsistent-return-statements
@app.before_request
def require_login():
......@@ -88,4 +89,4 @@ def register_login_required(app):
if not view:
return
return redirect(url_for('Foris.login'))
return render_template('errors/403.html'), 403
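Review bot: `return render_template('errors/403.html'), 403` answers every unauthenticated request with an HTML page, including the XHR calls from the API hooks (which send `Accept: application/json`), so those callers receive an HTML string as `error.response.data` and dispatch it as the failure payload. Consider branching on the request type before this line, e.g. `if request.accept_mimetypes.best_match(['application/json', 'text/html']) == 'application/json': return jsonify(error='Forbidden'), 403`, which needs `jsonify` added to the `from flask import` line. A missing session is conventionally reported as 401 rather than 403; if 403 is the deliberate contract with the client (the JS hooks test `status === 403`), a one-line comment above the return stating that would save the next reader from "fixing" it. `require_login` starts outside the hunk.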
{% extends 'base.html' %}
{% block title %}
{% trans %}403 - Forbidden{% endtrans %}
{% endblock %}
{% block content %}
<h1>403</h1>
<h3>{% trans %}Forbidden You don't have permission to access{% endtrans %}</h3>
<a>{% trans %}Do you want to <a href="{url_for('Foris.login')}">log in</a>?{% endtrans %}</a>
{% endblock %}
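Review bot: `href="{url_for('Foris.login')}"` on the link line uses single braces, so Jinja renders it literally and the anchor points at the text `{url_for('Foris.login')}` instead of the login page. Inside a `{% trans %}` block only simple variables can be interpolated, so bind the URL first: `{% trans login_url=url_for('Foris.login') %}Do you want to <a href="{{ login_url }}">log in</a>?{% endtrans %}`. The outer `<a>` wrapping that sentence also nests an anchor inside an anchor, which is invalid HTML; a `<p>` is the right container. The heading text "Forbidden You don't have permission to access" reads as two fused sentences with a missing object; `Forbidden: you don't have permission to access this page` would be clearer for translators as well.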
......@@ -35,11 +35,10 @@ def test_login_is_open(client):
assert response.status_code == 200
def test_login_redirect(client):
def test_login_403(client):
client.get('/logout') # Make sure user is logged out.
response = client.get('/')
assert response.status_code == 302
assert '/login' in response.headers['Location']
assert response.status_code == 403
def test_redirect_when_logged(client):
......
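Review bot: `test_login_403` now checks only the status code; the `Location` assertion it replaced also verified that an anonymous user is pointed at the login page, which the 403 body is meant to do instead. Adding `assert b'log in' in response.data` keeps that covered (assuming the test client renders the default locale), and a second request against an API path, e.g. `client.get('<api-path-placeholder>')`, would pin the 403 status the JS hooks depend on. `test_login_is_open` and `test_redirect_when_logged` sit outside the hunk.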