0001-auth_oidc-avoid-user-messages-with-prompt-none-relat.patch
| src/authentic2_auth_oidc/views.py | ||
|---|---|---|
| 325 | 325 |
log_msg += ' see %s' % error_url |
| 326 | 326 |
logger.log(level, log_msg) |
| 327 | 327 | |
| 328 |
if error_description: |
|
| 329 |
message = _('%(error_description)s (%(error)s)') % {
|
|
| 330 |
'error_description': error_description, |
|
| 331 |
'error': error, |
|
| 332 |
} |
|
| 333 |
messages.add_message(request, level, message) |
|
| 334 |
else: # unexpected error code |
|
| 335 |
message_params = {
|
|
| 336 |
'request_id': request.request_id, |
|
| 337 |
'provider_name': provider and provider.name, |
|
| 338 |
'error': error, |
|
| 339 |
} |
|
| 340 |
if provider: |
|
| 341 |
message = _( |
|
| 342 |
'Login with %(provider_name)s failed, report %(request_id)s to an administrator (%(error)s)' |
|
| 343 |
) |
|
| 344 |
else: |
|
| 345 |
message = _('Login with OpenID Connect failed, report %s to an administrator. (%(error)s)')
|
|
| 328 |
if error not in ( |
|
| 329 |
'consent_required', |
|
| 330 |
'login_required', |
|
| 331 |
'account_selection_required', |
|
| 332 |
'interaction_required', |
|
| 333 |
): |
|
| 334 |
if error_description: |
|
| 335 |
message = _('%(error_description)s (%(error)s)') % {
|
|
| 336 |
'error_description': error_description, |
|
| 337 |
'error': error, |
|
| 338 |
} |
|
| 339 |
messages.add_message(request, level, message) |
|
| 340 |
else: # unexpected error code |
|
| 341 |
message_params = {
|
|
| 342 |
'request_id': request.request_id, |
|
| 343 |
'provider_name': provider and provider.name, |
|
| 344 |
'error': error, |
|
| 345 |
} |
|
| 346 |
if provider: |
|
| 347 |
message = _( |
|
| 348 |
'Login with %(provider_name)s failed, report %(request_id)s to an administrator (%(error)s)' |
|
| 349 |
) |
|
| 350 |
else: |
|
| 351 |
message = _( |
|
| 352 |
'Login with OpenID Connect failed, report %s to an administrator. (%(error)s)' |
|
| 353 |
) |
|
| 346 | 354 | |
| 347 |
messages.warning(request, message % message_params) |
|
| 355 |
messages.warning(request, message % message_params)
|
|
| 348 | 356 |
return self.continue_to_next_url(request) |
| 349 | 357 | |
| 350 | 358 | |
| tests/test_auth_oidc.py | ||
|---|---|---|
| 534 | 534 |
assert len(cookie) == 1 |
| 535 | 535 |
cookie = cookie[0].message |
| 536 | 536 |
assert 'Authentication on Server failed with error' in cookie |
| 537 | ||
| 538 |
with utils.check_log(caplog, "'error': 'invalid request'"): |
|
| 539 |
with oidc_provider_mock(oidc_provider, oidc_provider_jwkset, code): |
|
| 540 |
response = app.get( |
|
| 541 |
login_callback_url(oidc_provider), params={'code': 'yyyy', 'state': state, 'prompt': 'none'}
|
|
| 542 |
) |
|
| 543 |
cookie = utils.decode_cookie(app.cookies['messages']) |
|
| 544 |
if isinstance(cookie, list): |
|
| 545 |
# prompt=none, no message displayed to end user |
|
| 546 |
assert len(cookie) == 0 |
|
| 537 | 547 |
with utils.check_log(caplog, 'invalid id_token'): |
| 538 | 548 |
with oidc_provider_mock(oidc_provider, oidc_provider_jwkset, code, extra_id_token={'iss': None}):
|
| 539 | 549 |
response = app.get(login_callback_url(oidc_provider), params={'code': code, 'state': state})
|
| 540 |
- |
|