Show NotAuthorized error message on a separate page
Change-Id: I02d9d610a0e5feff7da14f86d003ec21010ab26a Closes-Bug: #1709077
parent
50354f0248
commit
8f4e02c96d
@ -226,19 +226,8 @@ def handle_unauthorized(request, message, redirect, ignore, escalate, handled,
|
||||
# some clients, so let's define our own fallback.
|
||||
fallback = _("Unauthorized. Please try logging in again.")
|
||||
messages.error(request, message or fallback)
|
||||
# Escalation means logging the user out and raising NotAuthorized
|
||||
# so the middleware will redirect them appropriately.
|
||||
if escalate:
|
||||
# Prevents creation of circular import. django.contrib.auth
|
||||
# requires openstack_dashboard.settings to be loaded (by trying to
|
||||
# access settings.CACHES in django.core.caches) while
|
||||
# openstack_dashboard.settings requires django.contrib.auth to be
|
||||
# loaded while importing openstack_auth.utils
|
||||
from django.contrib.auth import logout
|
||||
logout(request)
|
||||
# Continue and present our "unauthorized" error message.
|
||||
raise NotAuthorized
|
||||
# Otherwise continue and present our "unauthorized" error message.
|
||||
return NotAuthorized
|
||||
|
||||
|
||||
def handle_notfound(request, message, redirect, ignore, escalate, handled,
|
||||
|
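Review bot: `escalate` stays in the signature of `handle_unauthorized`, but nothing in the visible body reads it any more, so a caller passing `escalate=True` no longer has the session ended; the handler only queues the error message and returns `NotAuthorized`. If that is intended, record it where the old escalation comment was, for example `# NOTE: escalate is accepted for handler-signature compatibility but ignored; the session is kept and the middleware answers with a 403 page.` Whether any caller still relies on the logout is not visible on this page and is worth checking before merge. The function starts above the hunk, so its docstring may need the same update.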
@ -30,7 +30,6 @@ from django import http
|
||||
from django import shortcuts
|
||||
from django.utils.encoding import iri_to_uri
|
||||
from django.utils import timezone
|
||||
from django.utils.translation import ugettext_lazy as _
|
||||
|
||||
from openstack_auth import views as auth_views
|
||||
|
||||
@ -128,12 +127,9 @@ class HorizonMiddleware(object):
|
||||
response = redirect_to_login(next_url, login_url=login_url,
|
||||
redirect_field_name=field_name)
|
||||
if isinstance(exception, exceptions.NotAuthorized):
|
||||
logout_reason = _("Unauthorized. Please try logging in again.")
|
||||
utils.add_logout_reason(request, response, logout_reason,
|
||||
'error')
|
||||
# delete messages, created in get_data() method
|
||||
# since we are going to redirect user to the login page
|
||||
response.delete_cookie('messages')
|
||||
return shortcuts.render(request, 'not_authorized.html',
|
||||
status=403)
|
||||
|
||||
if request.is_ajax():
|
||||
response_401 = http.HttpResponse(status=401)
|
||||
|
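Review bot: The new `return shortcuts.render(request, 'not_authorized.html', status=403)` sits above the `request.is_ajax()` check, so an XMLHttpRequest that hits `NotAuthorized` gets the whole HTML page as its body, and the `redirect_to_login(...)` response built just before it is discarded on that path. Consider answering AJAX callers with a bare status first, `if request.is_ajax(): return http.HttpResponse(status=403)`, and building the login redirect only on the branch that returns it. A comment on the branch such as `# Authenticated but not permitted: keep the session and answer 403 instead of redirecting to login` would record why this exception no longer follows the redirect. The enclosing method begins and ends outside the hunk, so the ordering is judged from the visible lines only.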
10
horizon/templates/not_authorized.html
Normal file
10
horizon/templates/not_authorized.html
Normal file
@ -0,0 +1,10 @@
|
||||
{% extends 'base.html' %}
|
||||
{% load i18n %}
|
||||
{% block breadcrumb_nav %}
|
||||
{% endblock %}
|
||||
{% block title %}{% trans "Unauthorized. Please try logging in again." %}{% endblock %}
|
||||
|
||||
{% block main %}
|
||||
{% trans "You are mot authorized to access this page" %}
|
||||
<a href="{% url 'login' %}">{% trans "Login" %}</a>
|
||||
{% endblock %}
|
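Review bot: The translatable string in the `main` block reads "You are mot authorized to access this page". That typo becomes the msgid translators receive, so it should be `{% trans "You are not authorized to access this page" %}` before catalogs are regenerated. The `title` block still says "Please try logging in again.", although as far as the rest of this commit shows the user reaching this page keeps their session. The title and the bare "Login" link may therefore lead straight back to the same 403; wording closer to the "Login as different user" text the old test looked for would describe the action better.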
@ -277,18 +277,17 @@ class HorizonTests(BaseHorizonTests):
|
||||
self.assertQuerysetEqual(self.user.get_all_permissions(), [])
|
||||
|
||||
resp = self.client.get(panel.get_absolute_url())
|
||||
self.assertEqual(302, resp.status_code)
|
||||
self.assertEqual(403, resp.status_code)
|
||||
|
||||
resp = self.client.get(panel.get_absolute_url(),
|
||||
follow=False,
|
||||
HTTP_X_REQUESTED_WITH='XMLHttpRequest')
|
||||
self.assertEqual(401, resp.status_code)
|
||||
self.assertEqual(403, resp.status_code)
|
||||
|
||||
# Test insufficient permissions for logged-in user
|
||||
resp = self.client.get(panel.get_absolute_url(), follow=True)
|
||||
self.assertEqual(200, resp.status_code)
|
||||
self.assertTemplateUsed(resp, "auth/login.html")
|
||||
self.assertContains(resp, "Login as different user", 1, 200)
|
||||
self.assertEqual(403, resp.status_code)
|
||||
self.assertTemplateUsed(resp, "not_authorized.html")
|
||||
|
||||
# Set roles for admin user
|
||||
self.set_permissions(permissions=['test'])
|
||||
@ -440,18 +439,17 @@ class CustomPermissionsTests(BaseHorizonTests):
|
||||
self.assertQuerysetEqual(self.user.get_all_permissions(), [])
|
||||
|
||||
resp = self.client.get(panel.get_absolute_url())
|
||||
self.assertEqual(302, resp.status_code)
|
||||
self.assertEqual(403, resp.status_code)
|
||||
|
||||
resp = self.client.get(panel.get_absolute_url(),
|
||||
follow=False,
|
||||
HTTP_X_REQUESTED_WITH='XMLHttpRequest')
|
||||
self.assertEqual(401, resp.status_code)
|
||||
self.assertEqual(403, resp.status_code)
|
||||
|
||||
# Test customized permissions for logged-in user
|
||||
resp = self.client.get(panel.get_absolute_url(), follow=True)
|
||||
self.assertEqual(200, resp.status_code)
|
||||
self.assertTemplateUsed(resp, "auth/login.html")
|
||||
self.assertContains(resp, "Login as different user", 1, 200)
|
||||
self.assertEqual(403, resp.status_code)
|
||||
self.assertTemplateUsed(resp, "not_authorized.html")
|
||||
|
||||
# Set roles for admin user
|
||||
self.set_permissions(permissions=['test'])
|
||||
|
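Review bot: With no redirect left to follow, the `follow=True` request under `# Test insufficient permissions for logged-in user` repeats the first plain `get` and differs only by the template assertion. I would move `self.assertTemplateUsed(resp, "not_authorized.html")` up to the first request and drop the duplicate. Nothing in the hunk asserts that the user is still logged in after the 403, which is the behaviour this commit changes; unless the lines after `set_permissions` already cover it, an explicit check would pin that. The `CustomPermissionsTests` hunk below has the same shape. Both test methods start and end outside the hunks.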
@ -41,7 +41,7 @@ class MiddlewareTests(test.TestCase):
|
||||
request = self.factory.post(url)
|
||||
|
||||
mw = middleware.HorizonMiddleware()
|
||||
resp = mw.process_exception(request, exceptions.NotAuthorized())
|
||||
resp = mw.process_exception(request, exceptions.NotAuthenticated())
|
||||
resp.client = self.client
|
||||
|
||||
if django.VERSION >= (1, 9):
|
||||
|
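Review bot: Nothing visible in this file now exercises `process_exception` with `NotAuthorized`, the path that returns 403 after this commit, because the only call shown was switched to `exceptions.NotAuthenticated()`. A sibling test calling `mw.process_exception(request, exceptions.NotAuthorized())` and asserting `resp.status_code == 403` would pin the new branch at middleware level. The test method starts and ends outside the hunk, so a test elsewhere in the file may already cover it.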
@ -23,7 +23,6 @@ import sys
|
||||
|
||||
import django
|
||||
from django.conf import settings
|
||||
from django.contrib.auth import REDIRECT_FIELD_NAME
|
||||
from django.core.urlresolvers import reverse
|
||||
from django.forms import widgets
|
||||
from django import http
|
||||
@ -1155,11 +1154,9 @@ class InstanceTests(helpers.ResetImageAPIVersionMixin, helpers.TestCase):
|
||||
def test_instance_details_unauthorized(self):
|
||||
server = self.servers.first()
|
||||
|
||||
api.nova.server_get(IsA(http.HttpRequest), server.id)\
|
||||
.AndRaise(self.exceptions.nova_unauthorized)
|
||||
self.mox.ReplayAll()
|
||||
|
||||
url = reverse('horizon:project:instances:detail',
|
||||
url = reverse('horizon:admin:instances:detail',
|
||||
args=[server.id])
|
||||
|
||||
# Avoid the log message in the test
|
||||
@ -1168,11 +1165,7 @@ class InstanceTests(helpers.ResetImageAPIVersionMixin, helpers.TestCase):
|
||||
res = self.client.get(url)
|
||||
logging.disable(logging.NOTSET)
|
||||
|
||||
self.assertEqual(302, res.status_code)
|
||||
self.assertEqual(('Location', settings.TESTSERVER +
|
||||
settings.LOGIN_URL + '?' +
|
||||
REDIRECT_FIELD_NAME + '=' + url),
|
||||
res._headers.get('location', None),)
|
||||
self.assertEqual(403, res.status_code)
|
||||
|
||||
def test_instance_details_flavor_not_found(self):
|
||||
server = self.servers.first()
|
||||
|
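Review bot: `test_instance_details_unauthorized` appears to lose its `api.nova.server_get(...).AndRaise(self.exceptions.nova_unauthorized)` expectation (the hunk's line counts only add up if those two lines are removed) and now requests `horizon:admin:instances:detail`. The 403 it asserts would then presumably come from the panel permission check rather than from an API call raising unauthorized. That leaves the API-raised path, the one `handle_unauthorized` serves, without an assertion here. Either keep a test that stubs the unauthorized API error on the project panel and pins the expected response, or rename this one to say it tests panel permissions. The usage-view `test_unauthorized` hunk further down makes the same swap to `horizon:admin:volumes:index` and drops its `_stub_nova_api_calls_unauthorized` call in the same way.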
@ -19,8 +19,6 @@
|
||||
import datetime
|
||||
import logging
|
||||
|
||||
from django.conf import settings
|
||||
from django.contrib.auth import REDIRECT_FIELD_NAME
|
||||
from django.core.urlresolvers import reverse
|
||||
from django import http
|
||||
from django.test.utils import override_settings
|
||||
@ -166,11 +164,9 @@ class UsageViewTests(test.TestCase):
|
||||
self._nova_stu_enabled(exception)
|
||||
|
||||
def test_unauthorized(self):
|
||||
self._stub_nova_api_calls_unauthorized(
|
||||
self.exceptions.nova_unauthorized)
|
||||
self.mox.ReplayAll()
|
||||
|
||||
url = reverse('horizon:project:overview:index')
|
||||
url = reverse('horizon:admin:volumes:index')
|
||||
|
||||
# Avoid the log message in the test
|
||||
# when unauthorized exception will be logged
|
||||
@ -178,11 +174,7 @@ class UsageViewTests(test.TestCase):
|
||||
res = self.client.get(url)
|
||||
logging.disable(logging.NOTSET)
|
||||
|
||||
self.assertEqual(302, res.status_code)
|
||||
self.assertEqual(('Location', settings.TESTSERVER +
|
||||
settings.LOGIN_URL + '?' +
|
||||
REDIRECT_FIELD_NAME + '=' + url),
|
||||
res._headers.get('location', None),)
|
||||
self.assertEqual(403, res.status_code)
|
||||
|
||||
def test_usage_csv(self):
|
||||
self._test_usage_csv(nova_stu_enabled=True)
|
||||
|