Merge "Escape unicode characters when setting logout_reason cookie" into stable/wallaby

2021-10-18 17:25:09 +00:00 · 2021-10-18 17:25:09 +00:00 · 4e402ada25
commit 4e402ada25
parent d93f2b3ac2 07325eb90e
4 changed files with 21 additions and 11 deletions
--- a/horizon/templates/auth/_login_form.html
+++ b/horizon/templates/auth/_login_form.html
@ -52,13 +52,13 @@
            </p>
          </div>
        {% endif  %}
-        {% if request.COOKIES.logout_reason %}
-          {% if request.COOKIES.logout_status == "success" %}
+        {% if logout_reason %}
+          {% if logout_status == "success" %}
            <div class="form-group clearfix error help-block alert alert-success" id="logout_reason">
          {% else %}
            <div class="form-group clearfix error help-block alert alert-danger" id="logout_reason">
          {% endif %}
-              <p>{{ request.COOKIES.logout_reason }}</p>
+              <p>{{ logout_reason }}</p>
            </div>
        {% endif %}
        {% if csrf_failure %}
--- a/horizon/templates/auth/_password_form.html
+++ b/horizon/templates/auth/_password_form.html
@ -31,13 +31,13 @@
        </div>
      {%endif%}
      <fieldset hz-login-finder>
-        {% if request.COOKIES.logout_reason %}
-          {% if request.COOKIES.logout_status == "success" %}
+        {% if logout_reason %}
+          {% if logout_status == "success" %}
            <div class="form-group clearfix error help-block alert alert-success" id="logout_reason">
          {% else %}
            <div class="form-group clearfix error help-block alert alert-danger" id="logout_reason">
          {% endif %}
-              <p>{{ request.COOKIES.logout_reason }}</p>
+              <p>{{ logout_reason }}</p>
            </div>
        {% endif %}
        {% include "horizon/common/_form_fields.html" %}
--- a/horizon/utils/functions.py
+++ b/horizon/utils/functions.py
@ -43,7 +43,7 @@ def add_logout_reason(request, response, reason, status='success'):
    # Store the translated string in the cookie
    lang = translation.get_language_from_request(request)
    with translation.override(lang):
-        reason = str(reason)
+        reason = force_text(reason).encode('unicode_escape').decode('ascii')
        response.set_cookie('logout_reason', reason, max_age=10)
        response.set_cookie('logout_status', status, max_age=10)

--- a/openstack_auth/views.py
+++ b/openstack_auth/views.py
@ -66,6 +66,11 @@ def get_csrf_reason(reason):
    return reason


+def set_logout_reason(res, msg):
+    msg = msg.encode('unicode_escape').decode('ascii')
+    res.set_cookie('logout_reason', msg, max_age=10)
+
+
 # TODO(stephenfin): Migrate to CBV
@sensitive_post_parameters()
@csrf_protect
@ -122,6 +127,9 @@ def login(request):

    choices = settings.WEBSSO_CHOICES
    reason = get_csrf_reason(request.GET.get('csrf_failure'))
+    logout_reason = request.COOKIES.get(
+        'logout_reason', '').encode('ascii').decode('unicode_escape')
+    logout_status = request.COOKIES.get('logout_status')
    extra_context = {
        'redirect_field_name': auth.REDIRECT_FIELD_NAME,
        'csrf_failure': reason,
@ -131,6 +139,8 @@ def login(request):
            'single_value': '',
            'label': '',
        },
+        'logout_reason': logout_reason,
+        'logout_status': logout_status,
    }

    if request.is_ajax():
@ -150,7 +160,7 @@ def login(request):
        res = django_http.HttpResponseRedirect(
            reverse('password', args=[exc.user_id]))
        msg = _("Your password has expired. Please set a new password.")
-        res.set_cookie('logout_reason', msg, max_age=10)
+        set_logout_reason(res, msg)

    # Save the region in the cookie, this is used as the default
    # selected region next time the Login form loads.
@ -201,7 +211,7 @@ def websso(request):
        else:
            msg = 'Login failed: %s' % exc
            res = django_http.HttpResponseRedirect(settings.LOGIN_URL)
-            res.set_cookie('logout_reason', msg, max_age=10)
+            set_logout_reason(res, msg)
        return res

    auth_user.set_session_from_user(request, request.user)
@ -373,7 +383,7 @@ def switch_keystone_provider(request, keystone_provider=None,
        except exceptions.KeystoneAuthException as exc:
            msg = 'Keystone provider switch failed: %s' % exc
            res = django_http.HttpResponseRedirect(settings.LOGIN_URL)
-            res.set_cookie('logout_reason', msg, max_age=10)
+            set_logout_reason(res, msg)
            return res
        auth.login(request, request.user)
        auth_user.set_session_from_user(request, request.user)
@ -403,5 +413,5 @@ class PasswordView(edit_views.FormView):
        # We have no session here, so regular messages don't work.
        msg = _('Password changed. Please log in to continue.')
        res = django_http.HttpResponseRedirect(self.success_url)
-        res.set_cookie('logout_reason', msg, max_age=10)
+        set_logout_reason(res, msg)
        return res