From e81f525cea87a2e46e78c1ab9d489712f5fff521 Mon Sep 17 00:00:00 2001
From: Jens Langhammer <jens.langhammer@haufe-lexware.com>
Date: Fri, 14 Dec 2018 15:18:02 +0100
Subject: [PATCH] core,oauth_provider: cleanup templates, add MFA error view

---
 passbook/core/auth/mfa.py                             |  6 +++++-
 passbook/core/forms/rules.py                          |  4 ++++
 passbook/core/templates/login/base.html               |  2 ++
 passbook/core/templates/overview/index.html           | 11 ++++++++++-
 passbook/core/urls.py                                 |  1 +
 .../templates/oauth2_provider/authorize.html          |  4 ++--
 6 files changed, 24 insertions(+), 4 deletions(-)

diff --git a/passbook/core/auth/mfa.py b/passbook/core/auth/mfa.py
index abfce0c45..c5b3acfae 100644
--- a/passbook/core/auth/mfa.py
+++ b/passbook/core/auth/mfa.py
@@ -8,6 +8,7 @@ from django.shortcuts import get_object_or_404, redirect, reverse
 from django.views.generic import View
 
 from passbook.core.models import User
+from passbook.core.views.utils import PermissionDeniedView
 from passbook.lib.utils.reflection import class_to_path, path_to_class
 
 LOGGER = getLogger(__name__)
@@ -81,7 +82,7 @@ class MultiFactorAuthenticator(View):
     def user_invalid(self):
         """Show error message, user could not be authenticated"""
         LOGGER.debug("User invalid")
-        # TODO: Redirect to error view
+        return redirect(reverse('passbook_core:mfa-denied'))
 
     def _user_passed(self):
         """User Successfully passed all factors"""
@@ -90,3 +91,6 @@ class MultiFactorAuthenticator(View):
         login(self.request, self.pending_user, backend=backend)
         LOGGER.debug("Logged in user %s", self.pending_user)
         return redirect(reverse('passbook_core:overview'))
+
+class MFAPermissionDeniedView(PermissionDeniedView):
+    """User could not be authenticated"""
diff --git a/passbook/core/forms/rules.py b/passbook/core/forms/rules.py
index a6ae9310b..0e83a23f4 100644
--- a/passbook/core/forms/rules.py
+++ b/passbook/core/forms/rules.py
@@ -1,6 +1,7 @@
 """passbook rule forms"""
 
 from django import forms
+from django.utils.translation import gettext as _
 
 from passbook.core.models import DebugRule, FieldMatcherRule, WebhookRule
 
@@ -46,3 +47,6 @@ class DebugRuleForm(forms.ModelForm):
         widgets = {
             'name': forms.TextInput(),
         }
+        labels = {
+            'result': _('Allow user')
+        }
diff --git a/passbook/core/templates/login/base.html b/passbook/core/templates/login/base.html
index b69d941e0..cddf2877d 100644
--- a/passbook/core/templates/login/base.html
+++ b/passbook/core/templates/login/base.html
@@ -8,6 +8,8 @@
   .login-pf-page .login-pf-page-footer-links {
     padding: 15px;
     background-color: #fff;
+    border-top: 2px solid transparent;
+    box-shadow: 0 1px 1px rgba(3,3,3,.175);
   }
 
   .login-pf-page .login-pf-page-footer-link {
diff --git a/passbook/core/templates/overview/index.html b/passbook/core/templates/overview/index.html
index ba49720f5..c569c0552 100644
--- a/passbook/core/templates/overview/index.html
+++ b/passbook/core/templates/overview/index.html
@@ -2,6 +2,15 @@
 
 {% load i18n %}
 
+{% block head %}
+{{ block.super }}
+<style>
+  img.app-icon {
+    max-height: 72px;
+  }
+</style>
+{% endblock %}
+
 {% block content %}
 <div class="container">
   <div class="row row-cards-pf">
@@ -19,7 +28,7 @@
                 {% if not app.icon_url %}
                 <span class="pficon pficon-arrow"></span>
                 {% else %}
-                <img src="{{ app.icon_url }}" alt="{% trans 'Application Icon' %}">
+                <img class="app-icon" src="{{ app.icon_url }}" alt="{% trans 'Application Icon' %}">
                 {% endif %}
               </a>
             </span>
diff --git a/passbook/core/urls.py b/passbook/core/urls.py
index 8d5f80213..a4bc1405b 100644
--- a/passbook/core/urls.py
+++ b/passbook/core/urls.py
@@ -20,6 +20,7 @@ core_urls = [
     path('auth/logout/', authentication.LogoutView.as_view(), name='auth-logout'),
     path('auth/sign_up/', authentication.SignUpView.as_view(), name='auth-sign-up'),
     path('auth/mfa/', mfa.MultiFactorAuthenticator.as_view(), name='mfa'),
+    path('auth/mfa/denied/', mfa.MFAPermissionDeniedView.as_view(), 'mfa-denied'),
     # User views
     path('user/', user.UserSettingsView.as_view(), name='user-settings'),
     path('user/delete/', user.UserDeleteView.as_view(), name='user-delete'),
diff --git a/passbook/oauth_provider/templates/oauth2_provider/authorize.html b/passbook/oauth_provider/templates/oauth2_provider/authorize.html
index 9378f76ae..134acc939 100644
--- a/passbook/oauth_provider/templates/oauth2_provider/authorize.html
+++ b/passbook/oauth_provider/templates/oauth2_provider/authorize.html
@@ -4,12 +4,12 @@
 {% load i18n %}
 
 {% block title %}
-{% title 'SSO - Authorize External Source' %}
+{% title 'Authorize Application' %}
 {% endblock %}
 
 {% block card %}
 <header class="login-pf-header">
-  <h1>{% trans 'SSO - Authorize External Source' %}</h1>
+  <h1>{% trans 'Authorize Application' %}</h1>
 </header>
 {% include 'partials/messages.html' %}
 <form method="POST">