0001-misc-return-bad-request-messages-as-plain-text-41602.patch
| mellon/views.py | ||
|---|---|---|
| 23 | 23 |
from xml.sax.saxutils import escape |
| 24 | 24 |
import xml.etree.ElementTree as ET |
| 25 | 25 | |
| 26 | ||
| 26 |
import django.http |
|
| 27 | 27 |
from django.views.generic import View |
| 28 |
from django.http import HttpResponseBadRequest, HttpResponseRedirect, HttpResponse
|
|
| 28 |
from django.http import HttpResponseRedirect, HttpResponse |
|
| 29 | 29 |
from django.contrib import auth |
| 30 | 30 |
from django.conf import settings |
| 31 | 31 |
from django.views.decorators.csrf import csrf_exempt |
| ... | ... | |
| 40 | 40 | |
| 41 | 41 |
from . import app_settings, utils |
| 42 | 42 | |
| 43 | ||
| 43 | 44 |
RETRY_LOGIN_COOKIE = 'MELLON_RETRY_LOGIN' |
| 44 | 45 | |
| 45 | 46 |
lasso.setFlag('thin-sessions')
|
| ... | ... | |
| 55 | 56 |
LOGIN_HINT = '{%s}login-hint' % EO_NS
|
| 56 | 57 | |
| 57 | 58 | |
| 59 |
class HttpResponseBadRequest(django.http.HttpResponseBadRequest): |
|
| 60 |
def __init__(self, *args, **kwargs): |
|
| 61 |
kwargs['content_type'] = kwargs.get('content_type', 'text/plain')
|
|
| 62 |
super(HttpResponseBadRequest, self).__init__(*args, **kwargs) |
|
| 63 |
self['X-Content-Type-Options'] = 'nosniff' |
|
| 64 | ||
| 65 | ||
| 58 | 66 |
class LogMixin(object): |
| 59 | 67 |
"""Initialize a module logger in new objects""" |
| 60 | 68 |
def __init__(self, *args, **kwargs): |
| tests/test_views.py | ||
|---|---|---|
| 232 | 232 |
'METADATA': open('tests/metadata.xml').read(),
|
| 233 | 233 |
}] |
| 234 | 234 |
response = client.get('/login/?SAMLart=xxx', status=400)
|
| 235 |
assert response['Content-Type'] == 'text/plain' |
|
| 236 |
assert response['X-Content-Type-Options'] == 'nosniff' |
|
| 235 | 237 |
assert b'artifact is malformed' in response.content |
| 236 | 238 |
assert 'artifact is malformed' in caplog.text |
| 237 | 239 | |
| 238 |
- |
|