Show NotAuthorized error message on a separate page
Change-Id: I02d9d610a0e5feff7da14f86d003ec21010ab26a Closes-Bug: #1709077
This commit is contained in:
parent
50354f0248
commit
8f4e02c96d
@ -226,19 +226,8 @@ def handle_unauthorized(request, message, redirect, ignore, escalate, handled,
|
|||||||
# some clients, so let's define our own fallback.
|
# some clients, so let's define our own fallback.
|
||||||
fallback = _("Unauthorized. Please try logging in again.")
|
fallback = _("Unauthorized. Please try logging in again.")
|
||||||
messages.error(request, message or fallback)
|
messages.error(request, message or fallback)
|
||||||
# Escalation means logging the user out and raising NotAuthorized
|
# Continue and present our "unauthorized" error message.
|
||||||
# so the middleware will redirect them appropriately.
|
|
||||||
if escalate:
|
|
||||||
# Prevents creation of circular import. django.contrib.auth
|
|
||||||
# requires openstack_dashboard.settings to be loaded (by trying to
|
|
||||||
# access settings.CACHES in django.core.caches) while
|
|
||||||
# openstack_dashboard.settings requires django.contrib.auth to be
|
|
||||||
# loaded while importing openstack_auth.utils
|
|
||||||
from django.contrib.auth import logout
|
|
||||||
logout(request)
|
|
||||||
raise NotAuthorized
|
raise NotAuthorized
|
||||||
# Otherwise continue and present our "unauthorized" error message.
|
|
||||||
return NotAuthorized
|
|
||||||
|
|
||||||
|
|
||||||
def handle_notfound(request, message, redirect, ignore, escalate, handled,
|
def handle_notfound(request, message, redirect, ignore, escalate, handled,
|
||||||
|
@ -30,7 +30,6 @@ from django import http
|
|||||||
from django import shortcuts
|
from django import shortcuts
|
||||||
from django.utils.encoding import iri_to_uri
|
from django.utils.encoding import iri_to_uri
|
||||||
from django.utils import timezone
|
from django.utils import timezone
|
||||||
from django.utils.translation import ugettext_lazy as _
|
|
||||||
|
|
||||||
from openstack_auth import views as auth_views
|
from openstack_auth import views as auth_views
|
||||||
|
|
||||||
@ -128,12 +127,9 @@ class HorizonMiddleware(object):
|
|||||||
response = redirect_to_login(next_url, login_url=login_url,
|
response = redirect_to_login(next_url, login_url=login_url,
|
||||||
redirect_field_name=field_name)
|
redirect_field_name=field_name)
|
||||||
if isinstance(exception, exceptions.NotAuthorized):
|
if isinstance(exception, exceptions.NotAuthorized):
|
||||||
logout_reason = _("Unauthorized. Please try logging in again.")
|
|
||||||
utils.add_logout_reason(request, response, logout_reason,
|
|
||||||
'error')
|
|
||||||
# delete messages, created in get_data() method
|
|
||||||
# since we are going to redirect user to the login page
|
|
||||||
response.delete_cookie('messages')
|
response.delete_cookie('messages')
|
||||||
|
return shortcuts.render(request, 'not_authorized.html',
|
||||||
|
status=403)
|
||||||
|
|
||||||
if request.is_ajax():
|
if request.is_ajax():
|
||||||
response_401 = http.HttpResponse(status=401)
|
response_401 = http.HttpResponse(status=401)
|
||||||
|
10
horizon/templates/not_authorized.html
Normal file
10
horizon/templates/not_authorized.html
Normal file
@ -0,0 +1,10 @@
|
|||||||
|
{% extends 'base.html' %}
|
||||||
|
{% load i18n %}
|
||||||
|
{% block breadcrumb_nav %}
|
||||||
|
{% endblock %}
|
||||||
|
{% block title %}{% trans "Unauthorized. Please try logging in again." %}{% endblock %}
|
||||||
|
|
||||||
|
{% block main %}
|
||||||
|
{% trans "You are mot authorized to access this page" %}
|
||||||
|
<a href="{% url 'login' %}">{% trans "Login" %}</a>
|
||||||
|
{% endblock %}
|
@ -277,18 +277,17 @@ class HorizonTests(BaseHorizonTests):
|
|||||||
self.assertQuerysetEqual(self.user.get_all_permissions(), [])
|
self.assertQuerysetEqual(self.user.get_all_permissions(), [])
|
||||||
|
|
||||||
resp = self.client.get(panel.get_absolute_url())
|
resp = self.client.get(panel.get_absolute_url())
|
||||||
self.assertEqual(302, resp.status_code)
|
self.assertEqual(403, resp.status_code)
|
||||||
|
|
||||||
resp = self.client.get(panel.get_absolute_url(),
|
resp = self.client.get(panel.get_absolute_url(),
|
||||||
follow=False,
|
follow=False,
|
||||||
HTTP_X_REQUESTED_WITH='XMLHttpRequest')
|
HTTP_X_REQUESTED_WITH='XMLHttpRequest')
|
||||||
self.assertEqual(401, resp.status_code)
|
self.assertEqual(403, resp.status_code)
|
||||||
|
|
||||||
# Test insufficient permissions for logged-in user
|
# Test insufficient permissions for logged-in user
|
||||||
resp = self.client.get(panel.get_absolute_url(), follow=True)
|
resp = self.client.get(panel.get_absolute_url(), follow=True)
|
||||||
self.assertEqual(200, resp.status_code)
|
self.assertEqual(403, resp.status_code)
|
||||||
self.assertTemplateUsed(resp, "auth/login.html")
|
self.assertTemplateUsed(resp, "not_authorized.html")
|
||||||
self.assertContains(resp, "Login as different user", 1, 200)
|
|
||||||
|
|
||||||
# Set roles for admin user
|
# Set roles for admin user
|
||||||
self.set_permissions(permissions=['test'])
|
self.set_permissions(permissions=['test'])
|
||||||
@ -440,18 +439,17 @@ class CustomPermissionsTests(BaseHorizonTests):
|
|||||||
self.assertQuerysetEqual(self.user.get_all_permissions(), [])
|
self.assertQuerysetEqual(self.user.get_all_permissions(), [])
|
||||||
|
|
||||||
resp = self.client.get(panel.get_absolute_url())
|
resp = self.client.get(panel.get_absolute_url())
|
||||||
self.assertEqual(302, resp.status_code)
|
self.assertEqual(403, resp.status_code)
|
||||||
|
|
||||||
resp = self.client.get(panel.get_absolute_url(),
|
resp = self.client.get(panel.get_absolute_url(),
|
||||||
follow=False,
|
follow=False,
|
||||||
HTTP_X_REQUESTED_WITH='XMLHttpRequest')
|
HTTP_X_REQUESTED_WITH='XMLHttpRequest')
|
||||||
self.assertEqual(401, resp.status_code)
|
self.assertEqual(403, resp.status_code)
|
||||||
|
|
||||||
# Test customized permissions for logged-in user
|
# Test customized permissions for logged-in user
|
||||||
resp = self.client.get(panel.get_absolute_url(), follow=True)
|
resp = self.client.get(panel.get_absolute_url(), follow=True)
|
||||||
self.assertEqual(200, resp.status_code)
|
self.assertEqual(403, resp.status_code)
|
||||||
self.assertTemplateUsed(resp, "auth/login.html")
|
self.assertTemplateUsed(resp, "not_authorized.html")
|
||||||
self.assertContains(resp, "Login as different user", 1, 200)
|
|
||||||
|
|
||||||
# Set roles for admin user
|
# Set roles for admin user
|
||||||
self.set_permissions(permissions=['test'])
|
self.set_permissions(permissions=['test'])
|
||||||
|
@ -41,7 +41,7 @@ class MiddlewareTests(test.TestCase):
|
|||||||
request = self.factory.post(url)
|
request = self.factory.post(url)
|
||||||
|
|
||||||
mw = middleware.HorizonMiddleware()
|
mw = middleware.HorizonMiddleware()
|
||||||
resp = mw.process_exception(request, exceptions.NotAuthorized())
|
resp = mw.process_exception(request, exceptions.NotAuthenticated())
|
||||||
resp.client = self.client
|
resp.client = self.client
|
||||||
|
|
||||||
if django.VERSION >= (1, 9):
|
if django.VERSION >= (1, 9):
|
||||||
|
@ -23,7 +23,6 @@ import sys
|
|||||||
|
|
||||||
import django
|
import django
|
||||||
from django.conf import settings
|
from django.conf import settings
|
||||||
from django.contrib.auth import REDIRECT_FIELD_NAME
|
|
||||||
from django.core.urlresolvers import reverse
|
from django.core.urlresolvers import reverse
|
||||||
from django.forms import widgets
|
from django.forms import widgets
|
||||||
from django import http
|
from django import http
|
||||||
@ -1155,11 +1154,9 @@ class InstanceTests(helpers.ResetImageAPIVersionMixin, helpers.TestCase):
|
|||||||
def test_instance_details_unauthorized(self):
|
def test_instance_details_unauthorized(self):
|
||||||
server = self.servers.first()
|
server = self.servers.first()
|
||||||
|
|
||||||
api.nova.server_get(IsA(http.HttpRequest), server.id)\
|
|
||||||
.AndRaise(self.exceptions.nova_unauthorized)
|
|
||||||
self.mox.ReplayAll()
|
self.mox.ReplayAll()
|
||||||
|
|
||||||
url = reverse('horizon:project:instances:detail',
|
url = reverse('horizon:admin:instances:detail',
|
||||||
args=[server.id])
|
args=[server.id])
|
||||||
|
|
||||||
# Avoid the log message in the test
|
# Avoid the log message in the test
|
||||||
@ -1168,11 +1165,7 @@ class InstanceTests(helpers.ResetImageAPIVersionMixin, helpers.TestCase):
|
|||||||
res = self.client.get(url)
|
res = self.client.get(url)
|
||||||
logging.disable(logging.NOTSET)
|
logging.disable(logging.NOTSET)
|
||||||
|
|
||||||
self.assertEqual(302, res.status_code)
|
self.assertEqual(403, res.status_code)
|
||||||
self.assertEqual(('Location', settings.TESTSERVER +
|
|
||||||
settings.LOGIN_URL + '?' +
|
|
||||||
REDIRECT_FIELD_NAME + '=' + url),
|
|
||||||
res._headers.get('location', None),)
|
|
||||||
|
|
||||||
def test_instance_details_flavor_not_found(self):
|
def test_instance_details_flavor_not_found(self):
|
||||||
server = self.servers.first()
|
server = self.servers.first()
|
||||||
|
@ -19,8 +19,6 @@
|
|||||||
import datetime
|
import datetime
|
||||||
import logging
|
import logging
|
||||||
|
|
||||||
from django.conf import settings
|
|
||||||
from django.contrib.auth import REDIRECT_FIELD_NAME
|
|
||||||
from django.core.urlresolvers import reverse
|
from django.core.urlresolvers import reverse
|
||||||
from django import http
|
from django import http
|
||||||
from django.test.utils import override_settings
|
from django.test.utils import override_settings
|
||||||
@ -166,11 +164,9 @@ class UsageViewTests(test.TestCase):
|
|||||||
self._nova_stu_enabled(exception)
|
self._nova_stu_enabled(exception)
|
||||||
|
|
||||||
def test_unauthorized(self):
|
def test_unauthorized(self):
|
||||||
self._stub_nova_api_calls_unauthorized(
|
|
||||||
self.exceptions.nova_unauthorized)
|
|
||||||
self.mox.ReplayAll()
|
self.mox.ReplayAll()
|
||||||
|
|
||||||
url = reverse('horizon:project:overview:index')
|
url = reverse('horizon:admin:volumes:index')
|
||||||
|
|
||||||
# Avoid the log message in the test
|
# Avoid the log message in the test
|
||||||
# when unauthorized exception will be logged
|
# when unauthorized exception will be logged
|
||||||
@ -178,11 +174,7 @@ class UsageViewTests(test.TestCase):
|
|||||||
res = self.client.get(url)
|
res = self.client.get(url)
|
||||||
logging.disable(logging.NOTSET)
|
logging.disable(logging.NOTSET)
|
||||||
|
|
||||||
self.assertEqual(302, res.status_code)
|
self.assertEqual(403, res.status_code)
|
||||||
self.assertEqual(('Location', settings.TESTSERVER +
|
|
||||||
settings.LOGIN_URL + '?' +
|
|
||||||
REDIRECT_FIELD_NAME + '=' + url),
|
|
||||||
res._headers.get('location', None),)
|
|
||||||
|
|
||||||
def test_usage_csv(self):
|
def test_usage_csv(self):
|
||||||
self._test_usage_csv(nova_stu_enabled=True)
|
self._test_usage_csv(nova_stu_enabled=True)
|
||||||
|
Loading…
Reference in New Issue
Block a user