diff --git a/passbook/core/templates/login/denied.html b/passbook/core/templates/login/denied.html
new file mode 100644
index 000000000..5ffaa0394
--- /dev/null
+++ b/passbook/core/templates/login/denied.html
@@ -0,0 +1,31 @@
+{% extends 'login/base.html' %}
+
+{% load static %}
+{% load i18n %}
+{% load utils %}
+
+{% block head %}
+{{ block.super }}
+
+{% endblock %}
+
+{% block card %}
+
+

{% trans title %}

+
+{% include 'partials/messages.html' %}
+
+ {% csrf_token %}
+ {% include 'partials/form_login.html' %}
+
+ Access denied
+ {% if 'back' in request.GET %}
+ {% trans 'Back' %}
+ {% endif %}
+
+{% endblock %}
diff --git a/passbook/core/views/utils.py b/passbook/core/views/utils.py
index a9de23541..a0f1d38d5 100644
--- a/passbook/core/views/utils.py
+++ b/passbook/core/views/utils.py
@@ -20,3 +20,14 @@ class LoadingView(TemplateView):
 kwargs['title'] = self.title
 kwargs['target_url'] = self.get_url()
 return super().get_context_data(**kwargs)
+
+class PermissionDeniedView(TemplateView):
+ """Generic Permission denied view"""
+
+ template_name = 'login/denied.html'
+ title = _('Permission denied.')
+
+ def get_context_data(self, **kwargs):
+ kwargs['is_login'] = True
+ kwargs['title'] = self.title
+ return super().get_context_data(**kwargs)
diff --git a/passbook/oauth_provider/urls.py b/passbook/oauth_provider/urls.py
index ebb5d160c..26fdf4c35 100644
--- a/passbook/oauth_provider/urls.py
+++ b/passbook/oauth_provider/urls.py
@@ -10,6 +10,8 @@ urlpatterns = [
 name="oauth2-authorize"),
 path('authorize/permission_ok/', oauth2.PassbookAuthorizationView.as_view(),
 name="oauth2-ok-authorize"),
+ path('authorize/permission_denied/', oauth2.OAuthPermissionDenied.as_view(),
+ name='oauth2-permission-denied'),
 # OAuth API
 path('', include('oauth2_provider.urls', namespace='oauth2_provider')),
 ]
diff --git a/passbook/oauth_provider/views/oauth2.py b/passbook/oauth_provider/views/oauth2.py
index e2e6584e4..c5c38629d 100644
--- a/passbook/oauth_provider/views/oauth2.py
+++ b/passbook/oauth_provider/views/oauth2.py
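Review bot: The `Back` link in `login/denied.html` is shown whenever `back` is present in `request.GET`, and the markup that sets its target is not visible in this hunk. If the href is taken from that query parameter, the denied page would link to whatever URL the request carried, so the value should be checked with `url_has_allowed_host_and_scheme` (`is_safe_url` on older Django) before it is rendered. The redirect added in `oauth2.py` passes no query string, so on that path the link is never shown.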
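Review bot: `PermissionDeniedView` answers a denial with HTTP 200, because `TemplateView` renders with the default status and nothing in the new class overrides it. Clients, proxies and log-based alerting then cannot tell a refusal from an ordinary page. Overriding `render_to_response` so that it passes `status=403` through to `super().render_to_response(context, **response_kwargs)` keeps the template and gives the response the right status code.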
@@ -2,13 +2,12 @@
 from logging import getLogger
 from urllib.parse import urlencode
-from django.http import Http404
-from django.shortcuts import get_object_or_404, reverse
+from django.shortcuts import get_object_or_404, redirect, reverse
 from django.utils.translation import ugettext as _
 from oauth2_provider.views.base import AuthorizationView
 from passbook.core.views.access import AccessMixin
-from passbook.core.views.utils import LoadingView
+from passbook.core.views.utils import LoadingView, PermissionDeniedView
 from passbook.oauth_provider.models import OAuth2Provider
 LOGGER = getLogger(__name__)
@@ -23,6 +22,11 @@ class PassbookAuthorizationLoadingView(LoadingView):
 querystring = urlencode(self.request.GET)
 return reverse('passbook_oauth_provider:oauth2-ok-authorize')+'?'+querystring
+
+class OAuthPermissionDenied(PermissionDeniedView):
+ """Show permission denied view"""
+
+
 class PassbookAuthorizationView(AccessMixin, AuthorizationView):
 """Custom OAuth2 Authorization View which checks rules, etc"""
@@ -40,8 +44,7 @@ class PassbookAuthorizationView(AccessMixin, AuthorizationView):
 self._application = application
 # Check permissions
 if not self.user_has_access(self._application, request.user):
- # TODO: Create a general error class for access denied
- raise Http404
+ return redirect(reverse('passbook_oauth_provider:oauth2-permission-denied'))
 actual_response = super().dispatch(request, *args, **kwargs)
 if actual_response.status_code == 400:
 LOGGER.debug(request.GET.get('redirect_uri'))
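Review bot: The denial branch in `dispatch` (third hunk) returns a redirect without recording anything, so a refused authorization leaves no trace beyond an ordinary 302 in the access log. `LOGGER` is already defined in this module, and a line such as `LOGGER.warning("Access denied: user=%s application=%s", request.user, self._application)` before the `return` would give responders something to search for. `redirect()` also resolves URL pattern names itself, so the inner `reverse()` is redundant: `return redirect('passbook_oauth_provider:oauth2-permission-denied')`. The body of `dispatch` starts above the hunk and may continue below it.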