From fe50fd3423969fca640cc35b32678bab5fd491cb Mon Sep 17 00:00:00 2001
From: Simo Sorce <simo@redhat.com>
Date: Fri, 10 Oct 2014 13:34:00 -0400
Subject: Handle invalid/expired transactions gracefully

Return a useful error page every time and invalid or expired
transaction is requested, instead of ending up with an internal
backtrace and an ugly 500 error.

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
---
 ipsilon/login/authkrb.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'ipsilon/login/authkrb.py')

diff --git a/ipsilon/login/authkrb.py b/ipsilon/login/authkrb.py
index 965d018..724c2ce 100755
--- a/ipsilon/login/authkrb.py
+++ b/ipsilon/login/authkrb.py
@@ -20,7 +20,6 @@
 from ipsilon.login.common import LoginPageBase, LoginManagerBase
 from ipsilon.login.common import FACILITY
 from ipsilon.util.plugin import PluginObject
-from ipsilon.util.trans import Transaction
 from ipsilon.util.user import UserSession
 from string import Template
 import cherrypy
@@ -38,7 +37,7 @@ class Krb(LoginPageBase):
 class KrbAuth(LoginPageBase):
 
     def root(self, *args, **kwargs):
-        trans = Transaction('login', **kwargs)
+        trans = self.get_valid_transaction('login', **kwargs)
         # If we can get here, we must be authenticated and remote_user
         # was set. Check the session has a user set already or error.
         us = UserSession()
@@ -71,7 +70,8 @@ class KrbError(LoginPageBase):
                                   cont=conturl)
 
         # If we get here, negotiate failed
-        return self.lm.auth_failed(Transaction('login', **kwargs))
+        trans = self.get_valid_transaction('login', **kwargs)
+        return self.lm.auth_failed(trans)
 
 
 class LoginManager(LoginManagerBase):
-- 
cgit