| |
@@ -20,7 +20,6 @@
|
| |
from coprs import oid
|
| |
from coprs.logic.complex_logic import ComplexLogic
|
| |
from coprs.logic.users_logic import UsersLogic
|
| |
- from coprs.logic.coprs_logic import CoprsLogic
|
| |
from coprs.exceptions import ObjectNotFound
|
| |
|
| |
|
| |
@@ -178,7 +177,43 @@
|
| |
return flask.redirect(oid.get_next_url())
|
| |
|
| |
|
| |
+ def workaround_ipsilon_email_login_bug_handler(f):
|
| |
+ """
|
| |
+ We are working around an ipislon issue when people log in with their email,
|
| |
+ ipsilon then yields incorrect openid.identity:
|
| |
+
|
| |
+ ERROR:root:Discovery verification failure for http://foo@fedoraproject.org.id.fedoraproject.org/
|
| |
+
|
| |
+ The error above raises an exception in python-openid thus restarting the login process
|
| |
+ which turns into an infinite loop of requests. Since we drop the openid_error key from flask.session,
|
| |
+ we'll prevent the infinite loop to happen.
|
| |
+
|
| |
+ Ref: https://pagure.io/ipsilon/issue/358
|
| |
+ """
|
| |
+
|
| |
+ @functools.wraps(f)
|
| |
+ def _the_handler(*args, **kwargs):
|
| |
+ msg = flask.session.get("openid_error")
|
| |
+ if msg and "No matching endpoint found after discovering" in msg:
|
| |
+ # we need to advise to log out because the user will have an active FAS session
|
| |
+ # and the only way to break it is to log out
|
| |
+ logout_url = app.config["OPENID_PROVIDER_URL"] + "/logout"
|
| |
+ message = (
|
| |
+ "You logged in using your email. <a href=\"https://pagure.io/ipsilon/issue/358\""
|
| |
+ " target=\"_blank\">This is not supported.</a> "
|
| |
+ "Please log in with your <em>FAS username</em> instead "
|
| |
+ "<a href=\"%s\">after logging out here</a>." % logout_url
|
| |
+ )
|
| |
+ flask.session.pop("openid_error")
|
| |
+ flask.flash(message, "error")
|
| |
+ # do not redirect to "/login" since it's gonna be an infinite loop
|
| |
+ return flask.redirect("/")
|
| |
+ return f(*args, **kwargs)
|
| |
+ return _the_handler
|
| |
+
|
| |
+
|
| |
@misc.route("/login/", methods=["GET"])
|
| |
+ @workaround_ipsilon_email_login_bug_handler
|
| |
@oid.loginhandler
|
| |
def login():
|
| |
if not app.config['FAS_LOGIN']:
|
| |
@@ -399,7 +434,6 @@
|
| |
return response
|
| |
|
| |
|
| |
-
|
| |
def req_with_pagination(f):
|
| |
"""
|
| |
Parse 'page=' option from GET url, and place it as the argument
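Review bot: The flashed `message` built in `_the_handler` carries raw HTML (`<a href=…>`, `<em>`), so it renders as intended only if the template printing flashed messages emits them unescaped. That template is outside this diff, but if it marks every flash as safe, any other flash containing user-controlled text becomes an XSS sink. `logout_url` comes from `app.config`, so this one string is trusted: mark just it as safe with `flask.flash(Markup(message), "error")` (`markupsafe.Markup`) and leave the template escaping by default. The `target="_blank"` link should also carry `rel="noopener noreferrer"`. Separately, the substring test on `"No matching endpoint found after discovering"` depends on python-openid's error wording and would presumably match any discovery failure with that text, not only the email-login case, so a comment recording that assumption above the `if` would help.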
|
| |
The main problem is that FAS/ipsilon sets the email used during login as
openid.claimed_id instead of actual FAS username. This breaks openid
client logic badly.
flask_openid in this situation redirects to /login/, again, which causes
infinite request loop.
In this commit we create a new decorator to wrap our login method to
detect this situation and prevent it:
detect this specific use case
drop the openid_error from the flask session
flash a message that they hit an auth bug
ask them to log out and log in again with FAS username
redirect to "/"