diff --git a/atst/routes/errors.py b/atst/routes/errors.py
index 53d93e4b..7b6939d9 100644
--- a/atst/routes/errors.py
+++ b/atst/routes/errors.py
@@ -1,4 +1,5 @@
-from flask import render_template, current_app
+from flask import render_template, current_app, url_for, redirect, request
+from flask_wtf.csrf import CSRFError
 import werkzeug.exceptions as werkzeug_exceptions
 import atst.domain.exceptions as exceptions
@@ -23,6 +24,11 @@ def make_error_pages(app):
         log_error(e)
         return render_template("error.html", message="Log in Failed"), 401
+    @app.errorhandler(CSRFError)
+    def session_expired(e):
+        log_error(e)
+        return redirect(url_for("atst.root", sessionExpired=True, next=request.path))
+
     @app.errorhandler(Exception) # pylint: disable=unused-variable
     def exception(e):
diff --git a/templates/login.html b/templates/login.html
index e2efface..db1150c2 100644
--- a/templates/login.html
+++ b/templates/login.html
@@ -11,6 +11,12 @@
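Review bot: `session_expired` reports every `CSRFError` as a session expiry, but flask-wtf raises `CSRFError` for a missing, malformed or mismatched form token as well as for a missing session token, so a user whose session is still live — or a genuinely forged cross-site POST — is sent to the login page and told their session timed out. Consider redirecting with `sessionExpired=True` only when the session really holds no CSRF token and answering every other failure with a 400 error page, so a real token mismatch is not dressed up as a timeout (the sketch below needs `session` added to the flask import; the session key follows `WTF_CSRF_FIELD_NAME`, `csrf_token` by default — confirm against the installed flask-wtf). The `next=request.path` value is built server-side here, but whichever view consumes `next` still has to reject absolute and protocol-relative URLs before redirecting to it, and `request.path` drops the query string, so `request.full_path` may be wanted if the target needs it. `make_error_pages` starts and ends outside the hunk.
```python
    @app.errorhandler(CSRFError)
    def session_expired(e):
        log_error(e)
        # A session that still carries its CSRF token has not expired; the
        # failure is then a bad or forged form token, i.e. a 400, not a timeout.
        if app.config.get("WTF_CSRF_FIELD_NAME", "csrf_token") in session:
            return render_template("error.html", message="Invalid CSRF token"), 400
        return redirect(url_for("atst.root", sessionExpired=True, next=request.path))
```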
+ {% if request.args.get("sessionExpired") %}
+ {{ Alert('Session Expired',
+ message='Your session expired due to inactivity. Please log in again to continue.',
+ level='error'
+ ) }}
+ {% endif %}

Access the JEDI Cloud

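Review bot: The alert text states the session expired "due to inactivity", but the only thing that sets `sessionExpired` is the CSRF error handler, which fires on any token failure, and the template has no way to know why the redirect happened, so the stated cause can be wrong. A neutral wording such as `message='Your session has expired. Please log in again to continue.'` avoids asserting a reason the code cannot confirm. Since the flag is read straight from the query string, any link can make the login page show this banner; that is harmless for a purely informational alert but worth keeping in mind if it ever drives behaviour.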
diff --git a/tests/routes/test_errors.py b/tests/routes/test_errors.py
new file mode 100644
index 00000000..1eb4091f
--- /dev/null
+++ b/tests/routes/test_errors.py
@@ -0,0 +1,14 @@
+
+def test_csrf_error(app, client):
+    app.config.update({"WTF_CSRF_ENABLED": True})
+
+    response = client.post(
+        "/requests/new/1",
+        headers={ "Content-Type": "application/x-www-form-urlencoded" },
+        data="csrf_token=invalid_token",
+        follow_redirects=True,
+    )
+
+    body = response.data.decode()
+    assert "Session Expired" in body
+    assert "Log in Required" in body
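Review bot: `app.config.update({"WTF_CSRF_ENABLED": True})` mutates the shared `app` fixture and never restores it, so if that fixture is module- or session-scoped every test that runs after this one will enforce CSRF too; `monkeypatch.setitem(app.config, "WTF_CSRF_ENABLED", True)` scopes the change to this test. The assertions only look at the final page text, which would also pass if some other path rendered the login page; posting with `follow_redirects=False` and asserting `response.status_code == 302` together with `"sessionExpired" in response.location` pins the behaviour the handler actually adds. The test exercises only the no-session case, so a second case with a live session but a bad token would document what the handler is expected to do there.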