authorRadomir Dopieralski <openstack@sheep.art.pl>2021-09-01 18:01:41 +0200
committerTakashi Kajinami <tkajinam@redhat.com>2022-07-25 12:38:56 +0900
commit0116e2bfe66cdd0ca86f809083ab0e21877a78d8 (patch)
treeeeb2e96d8f6d32e65e4fbe52237ef6b50fa47ae4
parent8385858585ac28c2fc9d8979a72c17e3fa7acb2e (diff)
downloadhorizon-0116e2bfe66cdd0ca86f809083ab0e21877a78d8.tar.gz
Escape unicode characters when setting logout_reason cookie
Conflicts: openstack_auth/views.py Resolved conflict caused by 6ffeb3cabad7e311a99094b2cf2a2a266be84990, which is present in stable/victoria and later. Change-Id: Ic61a3958461a4a939acc40d1039881e2d4c3a1cd Closes-bug: #1894801 (cherry picked from commit e68e23937341d03be7475d71903f31a61403c1e2)
-rw-r--r--horizon/templates/auth/_login_form.html6
-rw-r--r--horizon/templates/auth/_password_form.html6
-rw-r--r--horizon/utils/functions.py2
-rw-r--r--openstack_auth/views.py18
4 files changed, 21 insertions, 11 deletions
diff --git a/horizon/templates/auth/_login_form.html b/horizon/templates/auth/_login_form.html
index 66ce8ff19..a4a4abad5 100644
--- a/horizon/templates/auth/_login_form.html
+++ b/horizon/templates/auth/_login_form.html
@@ -52,13 +52,13 @@
</p>
</div>
{% endif %}
- {% if request.COOKIES.logout_reason %}
- {% if request.COOKIES.logout_status == "success" %}
+ {% if logout_reason %}
+ {% if logout_status == "success" %}
<div class="form-group clearfix error help-block alert alert-success" id="logout_reason">
{% else %}
<div class="form-group clearfix error help-block alert alert-danger" id="logout_reason">
{% endif %}
- <p>{{ request.COOKIES.logout_reason }}</p>
+ <p>{{ logout_reason }}</p>
</div>
{% endif %}
{% if csrf_failure %}
diff --git a/horizon/templates/auth/_password_form.html b/horizon/templates/auth/_password_form.html
index 45ed92011..3968e767e 100644
--- a/horizon/templates/auth/_password_form.html
+++ b/horizon/templates/auth/_password_form.html
@@ -31,13 +31,13 @@
</div>
{%endif%}
<fieldset hz-login-finder>
- {% if request.COOKIES.logout_reason %}
- {% if request.COOKIES.logout_status == "success" %}
+ {% if logout_reason %}
+ {% if logout_status == "success" %}
<div class="form-group clearfix error help-block alert alert-success" id="logout_reason">
{% else %}
<div class="form-group clearfix error help-block alert alert-danger" id="logout_reason">
{% endif %}
- <p>{{ request.COOKIES.logout_reason }}</p>
+ <p>{{ logout_reason }}</p>
</div>
{% endif %}
{% include "horizon/common/_form_fields.html" %}
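Review bot: `logout_reason` and `logout_status` are now read from the template context in this form, but the only view this commit changes to supply them is `login()` in openstack_auth/views.py. Nothing visible in the diff adds them to the context of the view that renders `_password_form.html`, so the "Your password has expired" message set just before the redirect to the password page may no longer be displayed. This is inferred from the visible hunks and should be checked against `PasswordView`. If it holds, that view needs to decode the cookie the same way `login()` does and pass both values to the template.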
diff --git a/horizon/utils/functions.py b/horizon/utils/functions.py
index 1052c8ff8..d454156af 100644
--- a/horizon/utils/functions.py
+++ b/horizon/utils/functions.py
@@ -43,7 +43,7 @@ def add_logout_reason(request, response, reason, status='success'):
# Store the translated string in the cookie
lang = translation.get_language_from_request(request)
with translation.override(lang):
- reason = str(reason)
+ reason = force_text(reason).encode('unicode_escape').decode('ascii')
response.set_cookie('logout_reason', reason, max_age=10)
response.set_cookie('logout_status', status, max_age=10)
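Review bot: The escaping on the changed line is duplicated in the new `set_logout_reason()` in openstack_auth/views.py, and the two copies differ: this one goes through `force_text()`, the other calls `.encode()` on the message directly. Both writers have to stay in step with the `decode('unicode_escape')` in `login()`, so a single shared helper would be safer if the package layout allows it. At minimum add a comment here such as `# Cookie values must be ASCII; login() reverses this with decode('unicode_escape')`. `force_text` is also a deprecated alias of `force_str` in newer Django releases, which matters if this line is carried forward. The body of `add_logout_reason` starts outside the hunk.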
diff --git a/openstack_auth/views.py b/openstack_auth/views.py
index 54f0ed881..3cd4ef8d6 100644
--- a/openstack_auth/views.py
+++ b/openstack_auth/views.py
@@ -47,6 +47,11 @@ from openstack_auth import utils
LOG = logging.getLogger(__name__)
+def set_logout_reason(res, msg):
+ msg = msg.encode('unicode_escape').decode('ascii')
+ res.set_cookie('logout_reason', msg, max_age=10)
+
+
# TODO(stephenfin): Migrate to CBV
@sensitive_post_parameters()
@csrf_protect
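Review bot: `set_logout_reason()` is added without a docstring, and the reason for the `unicode_escape` round trip is not obvious from the code alone. A docstring along the lines of `"""Store msg in the short-lived logout_reason cookie, escaped to ASCII; login() decodes it."""` would record the contract between the writer and the reader. It is also worth noting there that `logout_status` is not set here, so the login template falls back to its `alert-danger` branch for messages written through this helper.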
@@ -102,10 +107,15 @@ def login(request):
form = functional.curry(forms.Login, initial=initial)
choices = settings.WEBSSO_CHOICES
+ logout_reason = request.COOKIES.get(
+ 'logout_reason', '').encode('ascii').decode('unicode_escape')
+ logout_status = request.COOKIES.get('logout_status')
extra_context = {
'redirect_field_name': auth.REDIRECT_FIELD_NAME,
'csrf_failure': request.GET.get('csrf_failure'),
'show_sso_opts': utils.is_websso_enabled() and len(choices) > 1,
+ 'logout_reason': logout_reason,
+ 'logout_status': logout_status,
}
if request.is_ajax():
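Review bot: The added `request.COOKIES.get('logout_reason', '').encode('ascii').decode('unicode_escape')` runs on a client-controlled value with no error handling. A cookie holding non-ASCII characters (for example one written by the pre-patch code during an upgrade) or a malformed escape sequence raises `UnicodeEncodeError` or `UnicodeDecodeError`, which would surface as a server error on the login page until the cookie expires or is cleared. Catching `UnicodeError` and falling back to an empty reason keeps the page reachable. The decoded text is still client-supplied, so it must stay behind template autoescaping and never be marked safe. The body of `login` continues outside the hunk.

```python
    raw_reason = request.COOKIES.get('logout_reason', '')
    try:
        logout_reason = raw_reason.encode('ascii').decode('unicode_escape')
    except UnicodeError:
        # Cookie is client-supplied; anything that is not valid escaped
        # ASCII is dropped rather than failing the login page.
        logout_reason = ''
    logout_status = request.COOKIES.get('logout_status')
    # … unchanged: extra_context construction …
```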
@@ -125,7 +135,7 @@ def login(request):
res = django_http.HttpResponseRedirect(
reverse('password', args=[exc.user_id]))
msg = _("Your password has expired. Please set a new password.")
- res.set_cookie('logout_reason', msg, max_age=10)
+ set_logout_reason(res, msg)
# Save the region in the cookie, this is used as the default
# selected region next time the Login form loads.
@@ -176,7 +186,7 @@ def websso(request):
else:
msg = 'Login failed: %s' % exc
res = django_http.HttpResponseRedirect(settings.LOGIN_URL)
- res.set_cookie('logout_reason', msg, max_age=10)
+ set_logout_reason(res, msg)
return res
auth_user.set_session_from_user(request, request.user)
@@ -348,7 +358,7 @@ def switch_keystone_provider(request, keystone_provider=None,
except exceptions.KeystoneAuthException as exc:
msg = 'Keystone provider switch failed: %s' % exc
res = django_http.HttpResponseRedirect(settings.LOGIN_URL)
- res.set_cookie('logout_reason', msg, max_age=10)
+ set_logout_reason(res, msg)
return res
auth.login(request, request.user)
auth_user.set_session_from_user(request, request.user)
@@ -378,5 +388,5 @@ class PasswordView(edit_views.FormView):
# We have no session here, so regular messages don't work.
msg = _('Password changed. Please log in to continue.')
res = django_http.HttpResponseRedirect(self.success_url)
- res.set_cookie('logout_reason', msg, max_age=10)
+ set_logout_reason(res, msg)
return res