core: add generic error view
parent
d77bbd2120
commit
26618afb5a
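--- a/passbook/core/templates/login/denied.html
+++ b/passbook/core/templates/login/denied.html
@@ -0,0 +1,31 @@
+{% extends 'login/base.html' %}
+
+{% load static %}
+{% load i18n %}
+{% load utils %}
+
+{% block head %}
+{{ block.super }}
+<style>
+.pf-icon {
+font-size: 48px;
+text-align: center;
+}
+</style>
+{% endblock %}
+
+{% block card %}
+<header class="login-pf-header">
+<h1>{% trans title %}</h1>
+</header>
+{% include 'partials/messages.html' %}
+<form method="POST">
+{% csrf_token %}
+{% include 'partials/form_login.html' %}
+<span class="pf-icon pficon-error-circle-o btn-block"></span>
+Access denied
+{% if 'back' in request.GET %}
+<a href="{% back %}" class="btn btn-primary btn-block btn-lg">{% trans 'Back' %}</a>
+{% endif %}
+</form>
+{% endblock %}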
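Review bot: The Back link's target in `<a href="{% back %}" ...>` is not visibly validated, and the link is rendered whenever `back` is present in `request.GET`, which suggests the URL comes from the query string. The `back` tag lives in the `utils` tag library, which this page does not show, so that is inferred. If the tag returns the parameter as given, whoever crafts the link to this page chooses where the button leads, including other hosts or non-HTTP schemes. The value should only be emitted after a same-host and scheme check such as Django's `is_safe_url(url, allowed_hosts={request.get_host()})` (`url_has_allowed_host_and_scheme` in newer Django), with a fixed local URL as the fallback. Separately, the `<form method="POST">` wrapper and `{% csrf_token %}` have nothing to submit here, and the literal `Access denied` is the only user-facing string not wrapped in `{% trans %}`.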
|
@ -20,3 +20,14 @@ class LoadingView(TemplateView):
|
||||||
kwargs['title'] = self.title
|
kwargs['title'] = self.title
|
||||||
kwargs['target_url'] = self.get_url()
|
kwargs['target_url'] = self.get_url()
|
||||||
return super().get_context_data(**kwargs)
|
return super().get_context_data(**kwargs)
|
||||||
|
|
||||||
|
class PermissionDeniedView(TemplateView):
|
||||||
|
"""Generic Permission denied view"""
|
||||||
|
|
||||||
|
template_name = 'login/denied.html'
|
||||||
|
title = _('Permission denied.')
|
||||||
|
|
||||||
|
def get_context_data(self, **kwargs):
|
||||||
|
kwargs['is_login'] = True
|
||||||
|
kwargs['title'] = self.title
|
||||||
|
return super().get_context_data(**kwargs)
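Review bot: `PermissionDeniedView` answers with HTTP 200, because `TemplateView` renders with the default status and nothing in the new class overrides it. A denial page served as 200 looks like any normal page in access logs, proxies and monitoring, so denied requests cannot be counted or alerted on by status code. Set the status in the class by adding `def render_to_response(self, context, **response_kwargs):` with the body `response_kwargs.setdefault('status', 403)` and `return super().render_to_response(context, **response_kwargs)`.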
|
||||||
|
|
|
@ -10,6 +10,8 @@ urlpatterns = [
|
||||||
name="oauth2-authorize"),
|
name="oauth2-authorize"),
|
||||||
path('authorize/permission_ok/', oauth2.PassbookAuthorizationView.as_view(),
|
path('authorize/permission_ok/', oauth2.PassbookAuthorizationView.as_view(),
|
||||||
name="oauth2-ok-authorize"),
|
name="oauth2-ok-authorize"),
|
||||||
|
path('authorize/permission_denied/', oauth2.OAuthPermissionDenied.as_view(),
|
||||||
|
name='oauth2-permission-denied'),
|
||||||
# OAuth API
|
# OAuth API
|
||||||
path('', include('oauth2_provider.urls', namespace='oauth2_provider')),
|
path('', include('oauth2_provider.urls', namespace='oauth2_provider')),
|
||||||
]
|
]
|
||||||
|
|
|
@ -2,13 +2,12 @@
|
||||||
from logging import getLogger
|
from logging import getLogger
|
||||||
from urllib.parse import urlencode
|
from urllib.parse import urlencode
|
||||||
|
|
||||||
from django.http import Http404
|
from django.shortcuts import get_object_or_404, redirect, reverse
|
||||||
from django.shortcuts import get_object_or_404, reverse
|
|
||||||
from django.utils.translation import ugettext as _
|
from django.utils.translation import ugettext as _
|
||||||
from oauth2_provider.views.base import AuthorizationView
|
from oauth2_provider.views.base import AuthorizationView
|
||||||
|
|
||||||
from passbook.core.views.access import AccessMixin
|
from passbook.core.views.access import AccessMixin
|
||||||
from passbook.core.views.utils import LoadingView
|
from passbook.core.views.utils import LoadingView, PermissionDeniedView
|
||||||
from passbook.oauth_provider.models import OAuth2Provider
|
from passbook.oauth_provider.models import OAuth2Provider
|
||||||
|
|
||||||
LOGGER = getLogger(__name__)
|
LOGGER = getLogger(__name__)
|
||||||
|
@ -23,6 +22,11 @@ class PassbookAuthorizationLoadingView(LoadingView):
|
||||||
querystring = urlencode(self.request.GET)
|
querystring = urlencode(self.request.GET)
|
||||||
return reverse('passbook_oauth_provider:oauth2-ok-authorize')+'?'+querystring
|
return reverse('passbook_oauth_provider:oauth2-ok-authorize')+'?'+querystring
|
||||||
|
|
||||||
|
|
||||||
|
class OAuthPermissionDenied(PermissionDeniedView):
|
||||||
|
"""Show permission denied view"""
|
||||||
|
|
||||||
|
|
||||||
class PassbookAuthorizationView(AccessMixin, AuthorizationView):
|
class PassbookAuthorizationView(AccessMixin, AuthorizationView):
|
||||||
"""Custom OAuth2 Authorization View which checks rules, etc"""
|
"""Custom OAuth2 Authorization View which checks rules, etc"""
|
||||||
|
|
||||||
|
@ -40,8 +44,7 @@ class PassbookAuthorizationView(AccessMixin, AuthorizationView):
|
||||||
self._application = application
|
self._application = application
|
||||||
# Check permissions
|
# Check permissions
|
||||||
if not self.user_has_access(self._application, request.user):
|
if not self.user_has_access(self._application, request.user):
|
||||||
# TODO: Create a general error class for access denied
|
return redirect(reverse('passbook_oauth_provider:oauth2-permission-denied'))
|
||||||
raise Http404
|
|
||||||
actual_response = super().dispatch(request, *args, **kwargs)
|
actual_response = super().dispatch(request, *args, **kwargs)
|
||||||
if actual_response.status_code == 400:
|
if actual_response.status_code == 400:
|
||||||
LOGGER.debug(request.GET.get('redirect_uri'))
|
LOGGER.debug(request.GET.get('redirect_uri'))
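Review bot: The denied branch in `dispatch` returns the redirect without recording the event, even though the module already defines `LOGGER`. A failed access check on an OAuth authorization is worth a log line for detection, for example `LOGGER.warning("Access denied: user=%s application=%s", request.user, self._application)` just before the `return`. The change is also observable to clients: the old code answered a denied user with `Http404` and the new code with a redirect, so if the application lookup above the hunk uses the imported `get_object_or_404`, an unknown application and a forbidden one can now be told apart; if that is intended, say so in a comment on the branch. `redirect()` resolves URL names itself, so `redirect('passbook_oauth_provider:oauth2-permission-denied')` is enough. `dispatch` begins and continues outside this hunk.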
|
||||||
|
|