providers/*: pass policy result objects when access denied
This commit is contained in:
parent
812cc0d2f1
commit
3cf558d594
|
@ -323,7 +323,7 @@ class AuthorizationFlowInitView(PolicyAccessMixin, View):
|
||||||
try:
|
try:
|
||||||
application = self.provider_to_application(provider)
|
application = self.provider_to_application(provider)
|
||||||
except Application.DoesNotExist:
|
except Application.DoesNotExist:
|
||||||
return self.handle_no_permission_authorized()
|
return self.handle_no_permission_authenticated()
|
||||||
# Check if user is unauthenticated, so we pass the application
|
# Check if user is unauthenticated, so we pass the application
|
||||||
# for the identification stage
|
# for the identification stage
|
||||||
if not request.user.is_authenticated:
|
if not request.user.is_authenticated:
|
||||||
|
@ -331,7 +331,7 @@ class AuthorizationFlowInitView(PolicyAccessMixin, View):
|
||||||
# Check permissions
|
# Check permissions
|
||||||
result = self.user_has_access(application)
|
result = self.user_has_access(application)
|
||||||
if not result.passing:
|
if not result.passing:
|
||||||
return self.handle_no_permission_authorized()
|
return self.handle_no_permission_authenticated(result)
|
||||||
# TODO: End block
|
# TODO: End block
|
||||||
# Extract params so we can save them in the plan context
|
# Extract params so we can save them in the plan context
|
||||||
try:
|
try:
|
||||||
|
|
|
@ -62,8 +62,9 @@ class SAMLSSOView(PolicyAccessMixin, View):
|
||||||
)
|
)
|
||||||
if not request.user.is_authenticated:
|
if not request.user.is_authenticated:
|
||||||
return self.handle_no_permission(self.application)
|
return self.handle_no_permission(self.application)
|
||||||
if not self.user_has_access(self.application).passing:
|
has_access = self.user_has_access(self.application)
|
||||||
return self.handle_no_permission_authorized()
|
if not has_access.passing:
|
||||||
|
return self.handle_no_permission_authenticated(has_access)
|
||||||
# Call the method handler, which checks the SAML Request
|
# Call the method handler, which checks the SAML Request
|
||||||
method_response = super().dispatch(request, *args, application_slug, **kwargs)
|
method_response = super().dispatch(request, *args, application_slug, **kwargs)
|
||||||
if method_response:
|
if method_response:
|
||||||
|
|
Reference in a new issue