#3641 Break infinite redirect loop
Merged 2 years ago by pingou. Opened 2 years ago by pingou.

file modified
+4 -1
@@ -58,7 +58,9 @@ 

  def index():

      """ Front page of the application.

      """

-     if authenticated() and flask.request.path == "/":

+     if authenticated() and flask.request.path == "/" \

+             and not flask.session.get("_requires_fpca", False):

+         flask.request.from_index = True

          return flask.redirect(flask.url_for("ui_ns.userdash_projects"))

  

      sorting = flask.request.args.get("sorting") or None
@@ -986,6 +988,7 @@ 

  def new_project():

      """ Form to create a new project.

      """

+ 

      user = pagure.lib.search_user(

          flask.g.session, username=flask.g.fas_user.username

      )
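Review bot: `flask.request.from_index = True` in index() sets an ad-hoc attribute on the request object just before returning a redirect, and nothing in the visible hunks reads it. Because the redirect makes the client issue a new request, the value cannot reach the dashboard view. If it is meant for an after-request hook or for logging, say so in a comment such as `# read by <hook name, not shown on this page>; per-request only`; otherwise drop the line. The new condition would also read more cleanly wrapped in parentheses than with the backslash continuation. index() continues past the end of the hunk.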

file modified
+2 -1
@@ -205,11 +205,11 @@ 

      If the auth system is ``fas`` it will also require that the user sign

      the FPCA.

      """

-     auth_method = pagure_config.get("PAGURE_AUTH", None)

  

      @wraps(function)

      def decorated_function(*args, **kwargs):

          """ Decorated function, actually does the work. """

+         auth_method = pagure_config.get("PAGURE_AUTH", None)

          if flask.session.get("_justloggedout", False):

              return flask.redirect(flask.url_for("ui_ns.index"))

          elif not authenticated():
@@ -217,6 +217,7 @@ 

                  flask.url_for("auth_login", next=flask.request.url)

              )

          elif auth_method == "fas" and not flask.g.fas_user.cla_done:

+             flask.session["_requires_fpca"] = True

              flask.flash(

                  flask.Markup(

                      'You must <a href="https://admin.fedoraproject'
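Review bot: `flask.session["_requires_fpca"] = True` is set in the `cla_done` branch, but no visible hunk ever clears it. Unless it is cleared somewhere outside this diff, index() will keep skipping the dashboard redirect for that session even after the user signs the FPCA. Consider `flask.session.pop("_requires_fpca", None)` on the path where `cla_done` is true, with a test for that case next to `test_create_project_auth_FAS_no_FPCA`. A short comment should also state that the session flag only steers the index redirect, while FPCA enforcement stays on the `flask.g.fas_user.cla_done` check. decorated_function continues past the end of the hunk.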

@@ -1937,6 +1937,23 @@ 

              output = self.app.get('/settings/token/new')

              self.assertEqual(output.status_code, 302)

  

+     @patch.dict('pagure.config.config', {'PAGURE_AUTH': 'fas'})

+     @patch.dict('pagure.utils.pagure_config', {'PAGURE_AUTH': 'fas'})

+     def test_create_project_auth_FAS_no_FPCA(self):

+         """ Test creating a project when auth is FAS and the user did not

+         sign the FPCA. """

+ 

+         user = tests.FakeUser(username='foo', cla_done=False)

+         with tests.user_set(self.app.application, user):

+             output = self.app.get('/new/', follow_redirects=True)

+             self.assertEqual(output.status_code, 200)

+             output_text = output.get_data(as_text=True)

+             self.assertIn('<title>Home - Pagure</title>', output_text)

+             self.assertIn(

+                 '</i> You must <a href="https://admin.fedoraproject.org/accounts/'

+                 '">sign the FPCA</a> (Fedora Project Contributor Agreement) '

+                 'to use pagure</div>', output_text)

+ 

  

  class PagureFlaskAppNoDocstests(tests.Modeltests):

      """ Tests for flask app controller of pagure """

When AUTH is set to fas, if the user has not signed the FPCA and tries
to access a page requiring authentication and FPCA, they get redirected
to the index page and from there to the user's dashboard, which itself
requires authentication and FPCA, so the loop is triggered.

Fixes https://pagure.io/pagure/issue/3611

Signed-off-by: Pierre-Yves Chibon pingou@pingoured.fr

rebased onto 08da0da

2 years ago

Pull-Request has been merged by pingou

2 years ago