PR#3641: Break infinite redirect loop - pagure

pagure

#3641 Break infinite redirect loop

Merged 2 years ago by pingou. Opened 2 years ago by pingou.

break_infinite_redirect into master

Break infinite redirect loop

Pierre-Yves Chibon • 2 years ago

08da0da

pagure/ui/app.py

file modified

+4 -1

		`@@ -58,7 +58,9 @@`
		`def index():`
		`""" Front page of the application.`
		`"""`
		`- if authenticated() and flask.request.path == "/":`
		`+ if authenticated() and flask.request.path == "/" \`
		`+ and not flask.session.get("_requires_fpca", False):`
		`+ flask.request.from_index = True`
		`return flask.redirect(flask.url_for("ui_ns.userdash_projects"))`

		`sorting = flask.request.args.get("sorting") or None`
		`@@ -986,6 +988,7 @@`
		`def new_project():`
		`""" Form to create a new project.`
		`"""`
		`+`
		`user = pagure.lib.search_user(`
		`flask.g.session, username=flask.g.fas_user.username`
		`)`

pagure/utils.py

file modified

+2 -1

		`@@ -205,11 +205,11 @@`
		If the auth system is ``fas`` it will also require that the user sign
		`the FPCA.`
		`"""`
		`- auth_method = pagure_config.get("PAGURE_AUTH", None)`

		`@wraps(function)`
		`def decorated_function(args, *kwargs):`
		`""" Decorated function, actually does the work. """`
		`+ auth_method = pagure_config.get("PAGURE_AUTH", None)`
		`if flask.session.get("_justloggedout", False):`
		`return flask.redirect(flask.url_for("ui_ns.index"))`
		`elif not authenticated():`
		`@@ -217,6 +217,7 @@`
		`flask.url_for("auth_login", next=flask.request.url)`
		`)`
		`elif auth_method == "fas" and not flask.g.fas_user.cla_done:`
		`+ flask.session["_requires_fpca"] = True`
		`flask.flash(`
		`flask.Markup(`
		`'You must <a href="https://admin.fedoraproject'`

tests/test_pagure_flask_ui_app.py

file modified

+17

		`@@ -1937,6 +1937,23 @@`
		`output = self.app.get('/settings/token/new')`
		`self.assertEqual(output.status_code, 302)`

		`+ @patch.dict('pagure.config.config', {'PAGURE_AUTH': 'fas'})`
		`+ @patch.dict('pagure.utils.pagure_config', {'PAGURE_AUTH': 'fas'})`
		`+ def test_create_project_auth_FAS_no_FPCA(self):`
		`+ """ Test creating a project when auth is FAS and the user did not`
		`+ sign the FPCA. """`
		`+`
		`+ user = tests.FakeUser(username='foo', cla_done=False)`
		`+ with tests.user_set(self.app.application, user):`
		`+ output = self.app.get('/new/', follow_redirects=True)`
		`+ self.assertEqual(output.status_code, 200)`
		`+ output_text = output.get_data(as_text=True)`
		`+ self.assertIn('<title>Home - Pagure</title>', output_text)`
		`+ self.assertIn(`
		`+ '</i> You must <a href="https://admin.fedoraproject.org/accounts/'`
		`+ '">sign the FPCA</a> (Fedora Project Contributor Agreement) '`
		`+ 'to use pagure</div>', output_text)`
		`+`

		`class PagureFlaskAppNoDocstests(tests.Modeltests):`
		`""" Tests for flask app controller of pagure """`

pingou commented 2 years ago

When AUTH is set to fas, if the user has not sign the FPCA and tries
accessing a page requiring authentication and FPCA, they get redirected
to the index page, from there to the user's dashboard that requires
authentication and FPCA and the loop is triggered.

Fixes https://pagure.io/pagure/issue/3611

Signed-off-by: Pierre-Yves Chibon pingou@pingoured.fr

rebased onto 08da0da

2 years ago