0001-auth_oidc-avoid-user-messages-with-prompt-none-relat.patch
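--- a/src/authentic2_auth_oidc/views.py
+++ b/src/authentic2_auth_oidc/views.py
@@ -325,26 +325,34 @@
 log_msg += ' see %s' % error_url
 logger.log(level, log_msg)
 
-if error_description:
-message = _('%(error_description)s (%(error)s)') % {
-'error_description': error_description,
-'error': error,
-}
-messages.add_message(request, level, message)
-else: # unexpected error code
-message_params = {
-'request_id': request.request_id,
-'provider_name': provider and provider.name,
-'error': error,
-}
-if provider:
-message = _(
-'Login with %(provider_name)s failed, report %(request_id)s to an administrator (%(error)s)'
-)
-else:
-message = _('Login with OpenID Connect failed, report %s to an administrator. (%(error)s)')
+if error not in (
+'consent_required',
+'login_required',
+'account_selection_required',
+'interaction_required',
+):
+if error_description:
+message = _('%(error_description)s (%(error)s)') % {
+'error_description': error_description,
+'error': error,
+}
+messages.add_message(request, level, message)
+else: # unexpected error code
+message_params = {
+'request_id': request.request_id,
+'provider_name': provider and provider.name,
+'error': error,
+}
+if provider:
+message = _(
+'Login with %(provider_name)s failed, report %(request_id)s to an administrator (%(error)s)'
+)
+else:
+message = _(
+'Login with OpenID Connect failed, report %s to an administrator. (%(error)s)'
+)
 
-messages.warning(request, message % message_params)
+messages.warning(request, message % message_params)
 return self.continue_to_next_url(request)
 
 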
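Review bot: The re-wrapped fallback message at new lines 351–353 still mixes a positional `%s` with the named `%(error)s` while being formatted with the `message_params` dict at line 355, so in the untranslated string `%s` is filled with the repr of the whole dict rather than the request id; it should read `'Login with OpenID Connect failed, report %(request_id)s to an administrator. (%(error)s)'`, like the provider branch just above, and the translation catalogs would need the new msgid. Separately, the new `if error not in (...)` guard keys only on the error code taken from the callback, so as far as this hunk shows the four codes are silenced for the user even when the authorization request was not sent with `prompt=none`; if the stored state records the prompt, testing it here would keep the message for interactive logins. The log call above the guard still records the error, which is the behaviour to keep. The enclosing method starts before the hunk.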
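--- a/tests/test_auth_oidc.py
+++ b/tests/test_auth_oidc.py
@@ -558,6 +558,16 @@
 with oidc_provider_mock(oidc_provider, oidc_provider_jwkset, code):
 response = app.get(login_callback_url(oidc_provider), params={'code': code, 'state': state})
 assert not hooks.auth_oidc_backend_modify_user
+with utils.check_log(caplog, 'consent_required'):
+with oidc_provider_mock(oidc_provider, oidc_provider_jwkset, code, nonce=nonce):
+response = app.get(
+login_callback_url(oidc_provider), params={'error': 'consent_required', 'state': state}
+)
+cookie = utils.decode_cookie(app.cookies['messages'])
+if isinstance(cookie, list):
+# prompt=none, no message displayed to end user
+assert len(cookie) == 0
+assert len(hooks.auth_oidc_backend_modify_user) == 0
 with utils.check_log(caplog, 'created user'):
 with oidc_provider_mock(oidc_provider, oidc_provider_jwkset, code, nonce=nonce):
 response = app.get(login_callback_url(oidc_provider), params={'code': code, 'state': state})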
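Review bot: The new check on the messages cookie only runs when `utils.decode_cookie(...)` returns a list (`if isinstance(cookie, list):`), so if the helper returns anything else the test passes without verifying that the message was suppressed; asserting the type first, `assert isinstance(cookie, list)` followed by `assert len(cookie) == 0`, would make a regression fail. `app.cookies['messages']` also assumes the cookie was already set by an earlier step, which this hunk does not show. Only `consent_required` is exercised: the other three silenced codes (`login_required`, `account_selection_required`, `interaction_required`) and a code that must still produce a user message have no coverage here. The test function starts and ends outside the hunk.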
564 |
- |