auth: Use config_error instead of JsonableError in remote_user_sso.

This commit is contained in:
Mateusz Mandera 2019-12-11 23:13:21 +01:00 committed by Tim Abbott
parent e955bfde83
commit 4eb629e276
4 changed files with 28 additions and 6 deletions

View File

@ -93,6 +93,18 @@
</p>
{% endif %}
{% endif %}
{% if remoteuser_error_backend_disabled %}
<p>
Authentication via the REMOTE_USER header is
disabled in `/etc/zulip/settings.py`.
</p>
{% endif %}
{% if remoteuser_error_remote_user_header_missing %}
<p>
The REMOTE_USER header is not set.
</p>
{% endif %}
<p>After making your changes, remember to restart
the Zulip server.</p>
</div>

View File

@ -2225,7 +2225,10 @@ class TestZulipRemoteUserBackend(ZulipTestCase):
def test_login_failure(self) -> None:
email = self.example_email("hamlet")
result = self.client_post('/accounts/login/sso/', REMOTE_USER=email)
self.assert_json_error(result, "This authentication backend is disabled.")
self.assertEqual(result.status_code, 302)
result = self.client_get(result["Location"])
self.assert_in_response("Authentication via the REMOTE_USER header is", result)
self.assert_logged_in_user_id(None)
def test_login_failure_due_to_nonexisting_user(self) -> None:
@ -2245,7 +2248,10 @@ class TestZulipRemoteUserBackend(ZulipTestCase):
def test_login_failure_due_to_missing_field(self) -> None:
with self.settings(AUTHENTICATION_BACKENDS=('zproject.backends.ZulipRemoteUserBackend',)):
result = self.client_post('/accounts/login/sso/')
self.assert_json_error_contains(result, "No REMOTE_USER set.", 400)
self.assertEqual(result.status_code, 302)
result = self.client_get(result["Location"])
self.assert_in_response("The REMOTE_USER header is not set.", result)
def test_login_failure_due_to_wrong_subdomain(self) -> None:
email = self.example_email("hamlet")

View File

@ -260,14 +260,12 @@ def remote_user_sso(request: HttpRequest,
realm = None
if not auth_enabled_helper([ZulipRemoteUserBackend.auth_backend_name], realm):
raise JsonableError(_("This authentication backend is disabled."))
return redirect_to_config_error("remoteuser/backend_disabled")
try:
remote_user = request.META["REMOTE_USER"]
except KeyError:
# TODO: Arguably the JsonableError values here should be
# full-page HTML configuration errors instead.
raise JsonableError(_("No REMOTE_USER set."))
return redirect_to_config_error("remoteuser/remote_user_header_missing")
# Django invokes authenticate methods by matching arguments, and this
# authentication flow will not invoke LDAP authentication because of

View File

@ -585,6 +585,12 @@ i18n_urls = [
url(r'^config-error/saml$', TemplateView.as_view(
template_name='zerver/config_error.html',),
{'saml_error': True},),
url(r'^config-error/remoteuser/backend_disabled$', TemplateView.as_view(
template_name='zerver/config_error.html',),
{'remoteuser_error_backend_disabled': True},),
url(r'^config-error/remoteuser/remote_user_header_missing$', TemplateView.as_view(
template_name='zerver/config_error.html',),
{'remoteuser_error_remote_user_header_missing': True},),
]
# Make a copy of i18n_urls so that they appear without prefix for english