Skip to content
This repository has been archived by the owner on Jul 30, 2024. It is now read-only.

core: fix default for UNAUTHORIZED_VIEW #726

Open
wants to merge 2 commits into
base: develop
Choose a base branch
from
+9 −3
Open

core: fix default for UNAUTHORIZED_VIEW #726

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
a2f35df
core: fix default for UNAUTHORIZED_VIEW
jirikuncar Oct 27, 2017
05ff114
Fix url generation of UNAUTHORIZED_VIEW
jirikuncar Jan 5, 2018
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion flask_security/core.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -72,7 +72,7 @@
'POST_CONFIRM_VIEW': None,
'POST_RESET_VIEW': None,
'POST_CHANGE_VIEW': None,
'UNAUTHORIZED_VIEW': lambda: None,
'UNAUTHORIZED_VIEW': None,
'FORGOT_PASSWORD_TEMPLATE': 'security/forgot_password.html',
'LOGIN_USER_TEMPLATE': 'security/login_user.html',
'REGISTER_USER_TEMPLATE': 'security/register_user.html',
Expand Down
2 changes: 1 addition & 1 deletion flask_security/decorators.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -43,7 +43,7 @@ def _get_unauthorized_response(text=None, headers=None):


def _get_unauthorized_view():
view = utils.get_url(utils.config_value('UNAUTHORIZED_VIEW'))
view = utils.config_value('UNAUTHORIZED_VIEW')
if view:
if callable(view):
view = view()
Expand Down
8 changes: 7 additions & 1 deletion tests/test_common.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,8 @@

import base64

import pytest

from utils import authenticate, json_authenticate, logout

try:
Expand Down Expand Up @@ -130,9 +132,10 @@ def test_authorized_access(client):
def test_unauthorized_access(client, get_message):
authenticate(client, "[email protected]")
response = client.get("/admin", follow_redirects=True)
assert get_message('UNAUTHORIZED') in response.data
assert response.status_code == 403


@pytest.mark.settings(unauthorized_view=lambda: None)
def test_unauthorized_access_with_referrer(client, get_message):
authenticate(client, '[email protected]')
response = client.get('/admin', headers={'referer': '/admin'})
Expand All @@ -152,6 +155,7 @@ def test_unauthorized_access_with_referrer(client, get_message):
assert response.data.count(get_message('UNAUTHORIZED')) == 1


@pytest.mark.settings(unauthorized_view='/')
def test_roles_accepted(client):
for user in ("[email protected]", "[email protected]"):
authenticate(client, user)
Expand All @@ -164,11 +168,13 @@ def test_roles_accepted(client):
assert b'Home Page' in response.data


@pytest.mark.settings(unauthorized_view='/')
def test_unauthenticated_role_required(client, get_message):
response = client.get('/admin', follow_redirects=True)
assert get_message('UNAUTHORIZED') in response.data


@pytest.mark.settings(unauthorized_view='/')
def test_multiple_role_required(client):
for user in ("[email protected]", "[email protected]"):
authenticate(client, user)
Expand Down