diff options
author | Zuul <zuul@review.opendev.org> | 2021-10-19 15:01:11 +0000 |
---|---|---|
committer | Gerrit Code Review <review@openstack.org> | 2021-10-19 15:01:11 +0000 |
commit | d3d3be19c0c309ca075e760e8c89e8624b8f3dda (patch) | |
tree | 30e33ca062c8d1bb503886bbd4e11aa6ce96db9d | |
parent | 7bd6b01d78f4dc17e9040b224ee945b52b18800c (diff) | |
parent | 2d7b3e9dc675026208e6cba7ac24066f315268a8 (diff) | |
download | horizon-d3d3be19c0c309ca075e760e8c89e8624b8f3dda.tar.gz |
Merge "Escape unicode characters when setting logout_reason cookie" into stable/victoria
-rw-r--r-- | horizon/templates/auth/_login_form.html | 6 | ||||
-rw-r--r-- | horizon/templates/auth/_password_form.html | 6 | ||||
-rw-r--r-- | horizon/utils/functions.py | 2 | ||||
-rw-r--r-- | openstack_auth/views.py | 18 |
4 files changed, 21 insertions, 11 deletions
diff --git a/horizon/templates/auth/_login_form.html b/horizon/templates/auth/_login_form.html index 66ce8ff19..a4a4abad5 100644 --- a/horizon/templates/auth/_login_form.html +++ b/horizon/templates/auth/_login_form.html @@ -52,13 +52,13 @@ </p> </div> {% endif %} - {% if request.COOKIES.logout_reason %} - {% if request.COOKIES.logout_status == "success" %} + {% if logout_reason %} + {% if logout_status == "success" %} <div class="form-group clearfix error help-block alert alert-success" id="logout_reason"> {% else %} <div class="form-group clearfix error help-block alert alert-danger" id="logout_reason"> {% endif %} - <p>{{ request.COOKIES.logout_reason }}</p> + <p>{{ logout_reason }}</p> </div> {% endif %} {% if csrf_failure %} diff --git a/horizon/templates/auth/_password_form.html b/horizon/templates/auth/_password_form.html index 45ed92011..3968e767e 100644 --- a/horizon/templates/auth/_password_form.html +++ b/horizon/templates/auth/_password_form.html @@ -31,13 +31,13 @@ </div> {%endif%} <fieldset hz-login-finder> - {% if request.COOKIES.logout_reason %} - {% if request.COOKIES.logout_status == "success" %} + {% if logout_reason %} + {% if logout_status == "success" %} <div class="form-group clearfix error help-block alert alert-success" id="logout_reason"> {% else %} <div class="form-group clearfix error help-block alert alert-danger" id="logout_reason"> {% endif %} - <p>{{ request.COOKIES.logout_reason }}</p> + <p>{{ logout_reason }}</p> </div> {% endif %} {% include "horizon/common/_form_fields.html" %} diff --git a/horizon/utils/functions.py b/horizon/utils/functions.py index 1052c8ff8..d454156af 100644 --- a/horizon/utils/functions.py +++ b/horizon/utils/functions.py @@ -43,7 +43,7 @@ def add_logout_reason(request, response, reason, status='success'): # Store the translated string in the cookie lang = translation.get_language_from_request(request) with translation.override(lang): - reason = str(reason) + reason = force_text(reason).encode('unicode_escape').decode('ascii') response.set_cookie('logout_reason', reason, max_age=10) response.set_cookie('logout_status', status, max_age=10) diff --git a/openstack_auth/views.py b/openstack_auth/views.py index 11c8628ca..5eaa1da6d 100644 --- a/openstack_auth/views.py +++ b/openstack_auth/views.py @@ -66,6 +66,11 @@ def get_csrf_reason(reason): return reason +def set_logout_reason(res, msg): + msg = msg.encode('unicode_escape').decode('ascii') + res.set_cookie('logout_reason', msg, max_age=10) + + # TODO(stephenfin): Migrate to CBV @sensitive_post_parameters() @csrf_protect @@ -122,6 +127,9 @@ def login(request): choices = settings.WEBSSO_CHOICES reason = get_csrf_reason(request.GET.get('csrf_failure')) + logout_reason = request.COOKIES.get( + 'logout_reason', '').encode('ascii').decode('unicode_escape') + logout_status = request.COOKIES.get('logout_status') extra_context = { 'redirect_field_name': auth.REDIRECT_FIELD_NAME, 'csrf_failure': reason, @@ -131,6 +139,8 @@ def login(request): 'single_value': '', 'label': '', }, + 'logout_reason': logout_reason, + 'logout_status': logout_status, } if request.is_ajax(): @@ -150,7 +160,7 @@ def login(request): res = django_http.HttpResponseRedirect( reverse('password', args=[exc.user_id])) msg = _("Your password has expired. Please set a new password.") - res.set_cookie('logout_reason', msg, max_age=10) + set_logout_reason(res, msg) # Save the region in the cookie, this is used as the default # selected region next time the Login form loads. @@ -201,7 +211,7 @@ def websso(request): else: msg = 'Login failed: %s' % exc res = django_http.HttpResponseRedirect(settings.LOGIN_URL) - res.set_cookie('logout_reason', msg, max_age=10) + set_logout_reason(res, msg) return res auth_user.set_session_from_user(request, request.user) @@ -373,7 +383,7 @@ def switch_keystone_provider(request, keystone_provider=None, except exceptions.KeystoneAuthException as exc: msg = 'Keystone provider switch failed: %s' % exc res = django_http.HttpResponseRedirect(settings.LOGIN_URL) - res.set_cookie('logout_reason', msg, max_age=10) + set_logout_reason(res, msg) return res auth.login(request, request.user) auth_user.set_session_from_user(request, request.user) @@ -403,5 +413,5 @@ class PasswordView(edit_views.FormView): # We have no session here, so regular messages don't work. msg = _('Password changed. Please log in to continue.') res = django_http.HttpResponseRedirect(self.success_url) - res.set_cookie('logout_reason', msg, max_age=10) + set_logout_reason(res, msg) return res |