Mirror
/
tildes
mirror of https://gitlab.com/tildes/tildes.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Redirect logged-out users to login page on 403 

Now that the login page is set up to send users back to wherever they
were before logging in, we'll send users there with an appropriate
from_url if they try to access a page that they need to be logged in
for.
merge-requests/74/head
Deimos 6 years ago
parent
d602eb5611
commit
7a572cdf98
1 changed files with 19 additions and 2 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 21
      tildes/tildes/views/exceptions.py

21
tildes/tildes/views/exceptions.py
View File

@ -4,15 +4,18 @@
"""Views used by Pyramid when an exception is raised.""" """Views used by Pyramid when an exception is raised."""
from typing import Sequence from typing import Sequence
from urllib.parse import quote_plus
from marshmallow import ValidationError from marshmallow import ValidationError
from pyramid.httpexceptions import ( from pyramid.httpexceptions import (
HTTPError, HTTPError,
HTTPForbidden, HTTPForbidden,
HTTPFound,
HTTPNotFound, HTTPNotFound,
HTTPUnprocessableEntity, HTTPUnprocessableEntity,
) )
from pyramid.request import Request from pyramid.request import Request
from pyramid.security import Authenticated
from pyramid.view import ( from pyramid.view import (
exception_view_config, exception_view_config,
forbidden_view_config, forbidden_view_config,
@ -57,10 +60,15 @@ def group_not_found(request: Request) -> dict:
@notfound_view_config(xhr=False, renderer="error_page.jinja2") @notfound_view_config(xhr=False, renderer="error_page.jinja2")
@forbidden_view_config(xhr=False, renderer="error_page.jinja2")
@forbidden_view_config(
xhr=False, effective_principals=Authenticated, renderer="error_page.jinja2"
)
@exception_view_config(context=HTTPError, xhr=False, renderer="error_page.jinja2") @exception_view_config(context=HTTPError, xhr=False, renderer="error_page.jinja2")
def generic_error_page(request: Request) -> dict: def generic_error_page(request: Request) -> dict:
"""Display a generic error page for all HTTP exceptions."""
"""Display a generic error page for all HTTP exceptions.
Note that for 403 errors, this view will only be used if the user is logged in.
"""
request.response.status_int = request.exception.status_int request.response.status_int = request.exception.status_int
error = f"Error {request.exception.status_code} ({request.exception.title})" error = f"Error {request.exception.status_code} ({request.exception.title})"
@ -76,3 +84,12 @@ def generic_error_page(request: Request) -> dict:
description = request.exception.explanation description = request.exception.explanation
return {"error": error, "description": description} return {"error": error, "description": description}
@forbidden_view_config(xhr=False)
def logged_out_forbidden(request: Request) -> HTTPFound:
"""Redirect logged-out users to login page on 403 error."""
forbidden_path = quote_plus(request.path_qs)
login_url = request.route_url("login", _query={"from_url": forbidden_path})
return HTTPFound(location=login_url)
Write Preview
Loading…
Cancel
Save