author | Simo Sorce <simo@redhat.com> | 2014-10-10 13:34:00 -0400 |
---|---|---|
committer | Patrick Uiterwijk <puiterwijk@redhat.com> | 2014-10-24 18:03:28 +0200 |
commit | fe50fd3423969fca640cc35b32678bab5fd491cb (patch) | |
tree | f3f3c81553934cdf89d5578018b982744837301d /ipsilon | |
parent | 66361edf21ca83ad9e34177436f32e792fd8b893 (diff) | |
Handle invalid/expired transactions gracefully
Return a useful error page every time an invalid or expired
transaction is requested, instead of ending up with an internal
backtrace and an ugly 500 error.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Diffstat (limited to 'ipsilon')
-rwxr-xr-x | ipsilon/login/authkrb.py | 6 | ||||
-rwxr-xr-x | ipsilon/login/common.py | 5 | ||||
-rwxr-xr-x | ipsilon/util/page.py | 8 |
3 files changed, 13 insertions, 6 deletions
diff --git a/ipsilon/login/authkrb.py b/ipsilon/login/authkrb.py
index 965d018..724c2ce 100755
--- a/ipsilon/login/authkrb.py
+++ b/ipsilon/login/authkrb.py
@@ -20,7 +20,6 @@
 from ipsilon.login.common import LoginPageBase, LoginManagerBase
 from ipsilon.login.common import FACILITY
 from ipsilon.util.plugin import PluginObject
-from ipsilon.util.trans import Transaction
 from ipsilon.util.user import UserSession
 from string import Template
 import cherrypy
@@ -38,7 +37,7 @@ class Krb(LoginPageBase):
 class KrbAuth(LoginPageBase):
 def root(self, *args, **kwargs):
- trans = Transaction('login', **kwargs)
+ trans = self.get_valid_transaction('login', **kwargs)
 # If we can get here, we must be authenticated and remote_user
 # was set. Check the session has a user set already or error.
 us = UserSession()
@@ -71,7 +70,8 @@ class KrbError(LoginPageBase):
 cont=conturl)
 # If we get here, negotiate failed
- return self.lm.auth_failed(Transaction('login', **kwargs))
+ trans = self.get_valid_transaction('login', **kwargs)
+ return self.lm.auth_failed(trans)
 class LoginManager(LoginManagerBase):
diff --git a/ipsilon/login/common.py b/ipsilon/login/common.py
index 94284b0..cb45fd6 100755
--- a/ipsilon/login/common.py
+++ b/ipsilon/login/common.py
@@ -24,7 +24,6 @@ from ipsilon.util.plugin import PluginLoader, PluginObject
 from ipsilon.util.plugin import PluginInstaller
 from ipsilon.info.common import Info
 from ipsilon.util.cookies import SecureCookie
-from ipsilon.util.trans import Transaction
 import cherrypy
@@ -193,7 +192,7 @@ class LoginFormBase(LoginPageBase):
 return self._template(self.formtemplate, **context)
 def root(self, *args, **kwargs):
- self.trans = Transaction('login', **kwargs)
+ self.trans = self.get_valid_transaction('login', **kwargs)
 op = getattr(self, cherrypy.request.method, self.GET)
 if callable(op):
 return op(*args, **kwargs)
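Review bot: In LoginFormBase.root (ipsilon/login/common.py) the validated transaction is still stored on the page object as `self.trans`, which keeps per-request state on an instance that CherryPy normally shares between requests. If the server handles requests on more than one thread, two concurrent logins could overwrite each other's transaction between this assignment and its later use in the GET/POST handler, so one user's login step could run against another user's transaction. Keeping the value request-scoped, for example `cherrypy.request.trans = self.get_valid_transaction('login', **kwargs)`, or passing it to the handler explicitly, would avoid that. The handlers that read `self.trans` are outside this hunk, so they would need the matching change.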
@@ -265,7 +264,7 @@ class Login(Page):
 def root(self, *args, **kwargs):
 if self.first_login:
- trans = Transaction('login', **kwargs)
+ trans = self.get_valid_transaction('login', **kwargs)
 redirect = '%s/login/%s?%s' % (self.basepath,
 self.first_login.path,
 trans.get_GET_arg())
diff --git a/ipsilon/util/page.py b/ipsilon/util/page.py
index f98b2d9..213f945 100755
--- a/ipsilon/util/page.py
+++ b/ipsilon/util/page.py
@@ -19,6 +19,7 @@
 from ipsilon.util.log import Log
 from ipsilon.util.user import UserSession
+from ipsilon.util.trans import Transaction
 from urllib import unquote
 import cherrypy
@@ -113,4 +114,11 @@ class Page(Log):
 def del_subtree(self, name):
 del self.__dict__[name]
+ def get_valid_transaction(self, provider, **kwargs):
+ try:
+ return Transaction(provider, **kwargs)
+ except ValueError:
+ msg = 'Transaction expired, or cookies not available'
+ raise cherrypy.HTTPError(401, msg)
+
 exposed = True |
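Review bot: get_valid_transaction in ipsilon/util/page.py turns every ValueError from the Transaction constructor into a 401 without recording it, so an expired transaction, a malformed transaction id and a programming error inside Transaction all look the same and leave no trace for anyone investigating repeated bad transaction ids. Since Page derives from Log, the handler could bind the exception with `except ValueError as e:` and log it before raising. The status code is also questionable: a 401 is expected to carry a WWW-Authenticate challenge, and on the Kerberos pages in authkrb.py that now call this helper it may be hard to tell apart from a failed negotiate, so `raise cherrypy.HTTPError(400, msg)` would probably describe a stale or invalid request more accurately. The method would also benefit from a short docstring stating that it raises cherrypy.HTTPError instead of returning None when the transaction cannot be loaded.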