Redirect to login page when CSRF error occurs
parent
e7b437dc56
commit
c7d5015942
@ -1,4 +1,5 @@
|
|||||||
from flask import render_template, current_app
|
from flask import render_template, current_app, url_for, redirect, request
|
||||||
|
from flask_wtf.csrf import CSRFError
|
||||||
import werkzeug.exceptions as werkzeug_exceptions
|
import werkzeug.exceptions as werkzeug_exceptions
|
||||||
|
|
||||||
import atst.domain.exceptions as exceptions
|
import atst.domain.exceptions as exceptions
|
||||||
@ -23,6 +24,11 @@ def make_error_pages(app):
|
|||||||
log_error(e)
|
log_error(e)
|
||||||
return render_template("error.html", message="Log in Failed"), 401
|
return render_template("error.html", message="Log in Failed"), 401
|
||||||
|
|
||||||
|
@app.errorhandler(CSRFError)
|
||||||
|
def session_expired(e):
|
||||||
|
log_error(e)
|
||||||
|
return redirect(url_for("atst.root", sessionExpired=True, next=request.path))
|
||||||
|
|
||||||
@app.errorhandler(Exception)
|
@app.errorhandler(Exception)
|
||||||
# pylint: disable=unused-variable
|
# pylint: disable=unused-variable
|
||||||
def exception(e):
|
def exception(e):
|
||||||
|
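Review bot: In `session_expired`, `next=request.path` puts a request-derived value into the login URL, and nothing in this hunk shows how `next` is consumed after login. If the login flow redirects to it, that code should accept only a same-origin relative path (a single leading `/`, no scheme or host, no `//` or backslash prefix) and fall back to a default otherwise; a comment here such as `# next is request-derived; the login flow must validate it as a local path before redirecting` would make the contract visible. The handler also maps every `CSRFError` to "session expired", so a missing or invalid token on a live session is reported the same way; keeping `e.description` in the log entry would let responders tell the cases apart, assuming `log_error` does not already record it. The rest of `make_error_pages` lies outside the hunk.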
@ -11,6 +11,12 @@
|
|||||||
<div class='col'>
|
<div class='col'>
|
||||||
|
|
||||||
<div class='login-banner'>
|
<div class='login-banner'>
|
||||||
|
{% if request.args.get("sessionExpired") %}
|
||||||
|
{{ Alert('Session Expired',
|
||||||
|
message='Your session expired due to inactivity. Please log in again to continue.',
|
||||||
|
level='error'
|
||||||
|
) }}
|
||||||
|
{% endif %}
|
||||||
<h1 class="login-banner__heading">Access the JEDI Cloud</h1>
|
<h1 class="login-banner__heading">Access the JEDI Cloud</h1>
|
||||||
|
|
||||||
<img class="login-banner__logo" src="{{url_for('static', filename='img/ccpo-logo.svg')}}" alt="Cloud Computing Program Office Logo">
|
<img class="login-banner__logo" src="{{url_for('static', filename='img/ccpo-logo.svg')}}" alt="Cloud Computing Program Office Logo">
|
||||||
|
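Review bot: The alert is keyed on `request.args.get("sessionExpired")`, so any link carrying that query parameter renders the "Session Expired" banner on the login page, whether or not a CSRF failure actually happened. The message text is fixed, so the effect is limited to showing a misleading prompt, but a server-side signal such as a flashed message set in the CSRF error handler would keep the banner tied to a real event. If the query flag stays, a template comment like `{# sessionExpired is a user-controllable query flag; display only, never use it for auth decisions #}` documents the limit.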
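--- a/tests/routes/test_errors.py
+++ b/tests/routes/test_errors.py
@@ -0,0 +1,14 @@
+
+def test_csrf_error(app, client):
+app.config.update({"WTF_CSRF_ENABLED": True})
+
+response = client.post(
+"/requests/new/1",
+headers={ "Content-Type": "application/x-www-form-urlencoded" },
+data="csrf_token=invalid_token",
+follow_redirects=True,
+)
+
+body = response.data.decode()
+assert "Session Expired" in body
+assert "Log in Required" in body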
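Review bot: `app.config.update({"WTF_CSRF_ENABLED": True})` changes the config on the `app` fixture and never restores it; if that fixture is shared beyond this test (its scope is not visible here), later tests would run with CSRF protection switched on. `monkeypatch.setitem(app.config, "WTF_CSRF_ENABLED", True)`, with the `monkeypatch` fixture added to the signature, would undo the change automatically. Because the test follows redirects and checks only body text, it also does not pin the redirect itself; an extra request without `follow_redirects` that asserts a 302 status and the `next` value in `Location` would cover the handler's contract.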