0001-auth_oidc-avoid-user-messages-with-prompt-none-relat.patch
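--- a/src/authentic2_auth_oidc/views.py
+++ b/src/authentic2_auth_oidc/views.py
@@ -325,26 +325,34 @@
 log_msg += ' see %s' % error_url
 logger.log(level, log_msg)
 
-if error_description:
-message = _('%(error_description)s (%(error)s)') % {
-'error_description': error_description,
-'error': error,
-}
-messages.add_message(request, level, message)
-else: # unexpected error code
-message_params = {
-'request_id': request.request_id,
-'provider_name': provider and provider.name,
-'error': error,
-}
-if provider:
-message = _(
-'Login with %(provider_name)s failed, report %(request_id)s to an administrator (%(error)s)'
-)
-else:
-message = _('Login with OpenID Connect failed, report %s to an administrator. (%(error)s)')
+if error not in (
+'consent_required',
+'login_required',
+'account_selection_required',
+'interaction_required',
+):
+if error_description:
+message = _('%(error_description)s (%(error)s)') % {
+'error_description': error_description,
+'error': error,
+}
+messages.add_message(request, level, message)
+else: # unexpected error code
+message_params = {
+'request_id': request.request_id,
+'provider_name': provider and provider.name,
+'error': error,
+}
+if provider:
+message = _(
+'Login with %(provider_name)s failed, report %(request_id)s to an administrator (%(error)s)'
+)
+else:
+message = _(
+'Login with OpenID Connect failed, report %s to an administrator. (%(error)s)'
+)
 
-messages.warning(request, message % message_params)
+messages.warning(request, message % message_params)
 return self.continue_to_next_url(request)
 
 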
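Review bot: In the no-provider fallback, `'Login with OpenID Connect failed, report %s to an administrator. (%(error)s)'` keeps a bare `%s` next to a named placeholder while the string is formatted with the `message_params` mapping, so the `%s` does not resolve to the request id; since the line is being re-wrapped anyway it should read `report %(request_id)s to an administrator`. Separately, the new `if error not in (...)` guard drops the user message purely on the error code received in the callback, not on whether this relying party actually sent `prompt=none` for that state. If that is not verified further up (the method starts outside this section), an interactive login that comes back with `login_required` or `interaction_required` now ends with no feedback to the user. Keeping `logger.log(level, log_msg)` ahead of the guard is the right call, because the suppressed cases stay visible in the logs for later investigation.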
tests/test_auth_oidc.py | ||
---|---|---|
534 | 534 |
assert len(cookie) == 1 |
535 | 535 |
cookie = cookie[0].message |
536 | 536 |
assert 'Authentication on Server failed with error' in cookie |
537 | ||
538 |
with utils.check_log(caplog, "'error': 'invalid request'"): |
|
539 |
with oidc_provider_mock(oidc_provider, oidc_provider_jwkset, code): |
|
540 |
response = app.get( |
|
541 |
login_callback_url(oidc_provider), params={'code': 'yyyy', 'state': state, 'prompt': 'none'} |
|
542 |
) |
|
543 |
cookie = utils.decode_cookie(app.cookies['messages']) |
|
544 |
if isinstance(cookie, list): |
|
545 |
# prompt=none, no message displayed to end user |
|
546 |
assert len(cookie) == 0 |
|
537 | 547 |
with utils.check_log(caplog, 'invalid id_token'): |
538 | 548 |
with oidc_provider_mock(oidc_provider, oidc_provider_jwkset, code, extra_id_token={'iss': None}): |
539 | 549 |
response = app.get(login_callback_url(oidc_provider), params={'code': code, 'state': state}) |
540 |
- |
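Review bot: The new assertion sits under `if isinstance(cookie, list):`, so whenever `utils.decode_cookie` returns something other than a list the test passes without checking that no message was queued. Make the shape check itself an assertion, for example `assert isinstance(cookie, list)` before `assert len(cookie) == 0`, or assert whatever empty value `decode_cookie` is expected to return here. The request shown sends `'prompt': 'none'` with `code='yyyy'` and no `error` parameter, so from these lines it does not appear to exercise the `error not in (...)` branch added in views.py. One case per suppressed code (`login_required`, `consent_required`, `account_selection_required`, `interaction_required`), asserting both an empty message list and the log record, would pin the intended behaviour.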