Merge pull request #391 from dod-ccpo/csrf-error

Redirect to login page when CSRF error occurs
2018-10-17 10:12:01 -04:00
parent 10d90a0e6b 0425df3d19
commit a05d226401
3 changed files with 35 additions and 1 deletions
--- a/atst/routes/errors.py
+++ b/atst/routes/errors.py
@@ -1,4 +1,5 @@
-from flask import render_template, current_app
+from flask import render_template, current_app, url_for, redirect, request
+from flask_wtf.csrf import CSRFError
 import werkzeug.exceptions as werkzeug_exceptions

 import atst.domain.exceptions as exceptions
@@ -23,6 +24,12 @@ def make_error_pages(app):
        log_error(e)
        return render_template("error.html", message="Log in Failed"), 401

+    @app.errorhandler(CSRFError)
+    # pylint: disable=unused-variable
+    def session_expired(e):
+        log_error(e)
+        return redirect(url_for("atst.root", sessionExpired=True, next=request.path))
+
    @app.errorhandler(Exception)
    # pylint: disable=unused-variable
    def exception(e):