
0001-auth_oidc-avoid-user-messages-with-prompt-none-relat.patch

Paul Marillonnet, 19 décembre 2022 17:06


Subject: [PATCH] auth_oidc: avoid user messages with prompt=none related
 errors (#72538)

 src/authentic2_auth_oidc/views.py | 46 ++++++++++++++++++-------------
 tests/test_auth_oidc.py           | 10 +++++++
 2 files changed, 37 insertions(+), 19 deletions(-)
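--- a/src/authentic2_auth_oidc/views.py
+++ b/src/authentic2_auth_oidc/views.py
@@ -325,26 +325,34 @@
             log_msg += ' see %s' % error_url
         logger.log(level, log_msg)
 
-        if error_description:
-            message = _('%(error_description)s (%(error)s)') % {
-                'error_description': error_description,
-                'error': error,
-            }
-            messages.add_message(request, level, message)
-        else:  # unexpected error code
-            message_params = {
-                'request_id': request.request_id,
-                'provider_name': provider and provider.name,
-                'error': error,
-            }
-            if provider:
-                message = _(
-                    'Login with %(provider_name)s failed, report %(request_id)s to an administrator (%(error)s)'
-                )
-            else:
-                message = _('Login with OpenID Connect failed, report %s to an administrator. (%(error)s)')
+        if error not in (
+            'consent_required',
+            'login_required',
+            'account_selection_required',
+            'interaction_required',
+        ):
+            if error_description:
+                message = _('%(error_description)s (%(error)s)') % {
+                    'error_description': error_description,
+                    'error': error,
+                }
+                messages.add_message(request, level, message)
+            else:  # unexpected error code
+                message_params = {
+                    'request_id': request.request_id,
+                    'provider_name': provider and provider.name,
+                    'error': error,
+                }
+                if provider:
+                    message = _(
+                        'Login with %(provider_name)s failed, report %(request_id)s to an administrator (%(error)s)'
+                    )
+                else:
+                    message = _(
+                        'Login with OpenID Connect failed, report %s to an administrator. (%(error)s)'
+                    )
 
-            messages.warning(request, message % message_params)
+                messages.warning(request, message % message_params)
         return self.continue_to_next_url(request)
 
 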
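Review bot: In the inner `else:` branch for a missing provider, the fallback msgid mixes a positional `%s` with the named `%(error)s` and is then formatted with the `message_params` dict. Python fills a bare `%s` with the whole mapping in that case, so the user would see the repr of the dict (request id, provider name, error code) where the request id was meant. The patch re-indents this string without fixing it; `'Login with OpenID Connect failed, report %(request_id)s to an administrator. (%(error)s)'` would match the provider branch, and the translation catalogue entry would need the same change. Separately, the new guard keys only on the `error` value, which presumably comes from the callback request, and not on whether the flow was actually started with prompt=none; if that is known in the part of the method above this hunk, checking it too would limit the suppression to silent-login attempts.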
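--- a/tests/test_auth_oidc.py
+++ b/tests/test_auth_oidc.py
@@ -558,6 +558,16 @@
         with oidc_provider_mock(oidc_provider, oidc_provider_jwkset, code):
             response = app.get(login_callback_url(oidc_provider), params={'code': code, 'state': state})
     assert not hooks.auth_oidc_backend_modify_user
+    with utils.check_log(caplog, 'consent_required'):
+        with oidc_provider_mock(oidc_provider, oidc_provider_jwkset, code, nonce=nonce):
+            response = app.get(
+                login_callback_url(oidc_provider), params={'error': 'consent_required', 'state': state}
+            )
+            cookie = utils.decode_cookie(app.cookies['messages'])
+            if isinstance(cookie, list):
+                # prompt=none, no message displayed to end user
+                assert len(cookie) == 0
+    assert len(hooks.auth_oidc_backend_modify_user) == 0
     with utils.check_log(caplog, 'created user'):
         with oidc_provider_mock(oidc_provider, oidc_provider_jwkset, code, nonce=nonce):
             response = app.get(login_callback_url(oidc_provider), params={'code': code, 'state': state})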
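Review bot: The new message assertion only runs under `if isinstance(cookie, list):`, so if `utils.decode_cookie(...)` returns anything other than a list the test passes without checking that no message was queued. Asserting unconditionally, for example `assert not cookie`, would make a regression visible; this assumes decode_cookie returns an empty or falsy value when nothing is stored, which is not shown here. Only `consent_required` is exercised, while `login_required`, `account_selection_required` and `interaction_required` from the views.py change have no coverage; looping over the four codes would cover them. The test function begins above the hunk.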
564
-