author | Radomir Dopieralski <openstack@sheep.art.pl> | 2021-09-01 18:01:41 +0200 |
---|---|---|
committer | Vishal Manchanda <manchandavishal143@gmail.com> | 2021-09-22 17:28:54 +0000 |
commit | 07325eb90ea9bf6c20143678a00f8ccfb1e76f98 (patch) | |
tree | 19b4b5aeacf482dd9d8306d0f050211f12ff5640 | |
parent | fbc27e4a0aad2b607e40934a6f92463883306685 (diff) | |
download | horizon-07325eb90ea9bf6c20143678a00f8ccfb1e76f98.tar.gz |
Escape unicode characters when setting logout_reason cookie
Change-Id: Ic61a3958461a4a939acc40d1039881e2d4c3a1cd
Closes-bug: #1894801
(cherry picked from commit e68e23937341d03be7475d71903f31a61403c1e2)
-rw-r--r-- | horizon/templates/auth/_login_form.html | 6 | ||||
-rw-r--r-- | horizon/templates/auth/_password_form.html | 6 | ||||
-rw-r--r-- | horizon/utils/functions.py | 2 | ||||
-rw-r--r-- | openstack_auth/views.py | 18 |
4 files changed, 21 insertions, 11 deletions
diff --git a/horizon/templates/auth/_login_form.html b/horizon/templates/auth/_login_form.html
index 66ce8ff19..a4a4abad5 100644
--- a/horizon/templates/auth/_login_form.html
+++ b/horizon/templates/auth/_login_form.html
@@ -52,13 +52,13 @@
 </p>
 </div>
 {% endif %}
- {% if request.COOKIES.logout_reason %}
- {% if request.COOKIES.logout_status == "success" %}
+ {% if logout_reason %}
+ {% if logout_status == "success" %}
 <div class="form-group clearfix error help-block alert alert-success" id="logout_reason">
 {% else %}
 <div class="form-group clearfix error help-block alert alert-danger" id="logout_reason">
 {% endif %}
- <p>{{ request.COOKIES.logout_reason }}</p>
+ <p>{{ logout_reason }}</p>
 </div>
 {% endif %}
 {% if csrf_failure %}
diff --git a/horizon/templates/auth/_password_form.html b/horizon/templates/auth/_password_form.html
index 45ed92011..3968e767e 100644
--- a/horizon/templates/auth/_password_form.html
+++ b/horizon/templates/auth/_password_form.html
@@ -31,13 +31,13 @@
 </div>
 {%endif%}
 <fieldset hz-login-finder>
- {% if request.COOKIES.logout_reason %}
- {% if request.COOKIES.logout_status == "success" %}
+ {% if logout_reason %}
+ {% if logout_status == "success" %}
 <div class="form-group clearfix error help-block alert alert-success" id="logout_reason">
 {% else %}
 <div class="form-group clearfix error help-block alert alert-danger" id="logout_reason">
 {% endif %}
- <p>{{ request.COOKIES.logout_reason }}</p>
+ <p>{{ logout_reason }}</p>
 </div>
 {% endif %}
 {% include "horizon/common/_form_fields.html" %}
diff --git a/horizon/utils/functions.py b/horizon/utils/functions.py
index 1052c8ff8..d454156af 100644
--- a/horizon/utils/functions.py
+++ b/horizon/utils/functions.py
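Review bot: The `_password_form.html` hunk now reads `logout_reason` and `logout_status` from the template context instead of `request.COOKIES`, but the only view in this commit that adds those keys to a context is `login()` in openstack_auth/views.py; `PasswordView` only writes the cookie. If nothing outside this diff adds the decoded values to the password view's context, the expired-password message that `login()` stores before redirecting to the password form will no longer render. Worth confirming that `PasswordView` (or whichever view renders this include) supplies `logout_reason`/`logout_status` the same way `login()` does; the diffstat lists no other changed file that could do it.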
@@ -43,7 +43,7 @@ def add_logout_reason(request, response, reason, status='success'):
 # Store the translated string in the cookie
 lang = translation.get_language_from_request(request)
 with translation.override(lang):
- reason = str(reason)
+ reason = force_text(reason).encode('unicode_escape').decode('ascii')
 response.set_cookie('logout_reason', reason, max_age=10)
 response.set_cookie('logout_status', status, max_age=10)
diff --git a/openstack_auth/views.py b/openstack_auth/views.py
index 353dc9915..451ac8422 100644
--- a/openstack_auth/views.py
+++ b/openstack_auth/views.py
@@ -66,6 +66,11 @@ def get_csrf_reason(reason):
 return reason
+def set_logout_reason(res, msg):
+ msg = msg.encode('unicode_escape').decode('ascii')
+ res.set_cookie('logout_reason', msg, max_age=10)
+
+
 # TODO(stephenfin): Migrate to CBV
 @sensitive_post_parameters()
 @csrf_protect
@@ -122,6 +127,9 @@ def login(request):
 choices = settings.WEBSSO_CHOICES
 reason = get_csrf_reason(request.GET.get('csrf_failure'))
+ logout_reason = request.COOKIES.get(
+ 'logout_reason', '').encode('ascii').decode('unicode_escape')
+ logout_status = request.COOKIES.get('logout_status')
 extra_context = {
 'redirect_field_name': auth.REDIRECT_FIELD_NAME,
 'csrf_failure': reason,
@@ -131,6 +139,8 @@ def login(request):
 'single_value': '',
 'label': '',
 },
+ 'logout_reason': logout_reason,
+ 'logout_status': logout_status,
 }
 if request.is_ajax():
@@ -150,7 +160,7 @@ def login(request):
 res = django_http.HttpResponseRedirect(
 reverse('password', args=[exc.user_id]))
 msg = _("Your password has expired. Please set a new password.")
- res.set_cookie('logout_reason', msg, max_age=10)
+ set_logout_reason(res, msg)
 # Save the region in the cookie, this is used as the default
 # selected region next time the Login form loads.
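Review bot: The escaping added to `add_logout_reason` (`force_text(reason).encode('unicode_escape').decode('ascii')`) makes it one of two writers of the `logout_reason` cookie, the other being the new `set_logout_reason` in openstack_auth/views.py in the following hunk, and both must stay in lockstep with the single reader in `login()`, which reverses the transform with `.encode('ascii').decode('unicode_escape')`. Neither function documents this coupling; a docstring on each along the lines of `"""Store *reason* in the logout_reason cookie, unicode-escaped so the cookie value stays ASCII; openstack_auth.views.login() applies the inverse decode."""` would stop a later edit from silently breaking the round trip. It is not visible in this hunk whether `force_text` is already imported in horizon/utils/functions.py (the removed line used `str()`), so that import is worth checking. `add_logout_reason` begins on the line before this hunk.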
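Review bot: The new decode in `login()` (`request.COOKIES.get('logout_reason', '').encode('ascii').decode('unicode_escape')`) runs on a client-controlled cookie with no error handling: a value holding a non-ASCII character raises `UnicodeEncodeError`, and a value that is not a well-formed escape sequence raises `UnicodeDecodeError`, either of which turns the login page into a server error for that browser until the cookie expires. Because the cookie is only a display hint, a bad value should degrade to "no message" rather than an exception, so the decode belongs in a narrow `try`/`except UnicodeError`. `login()` starts and ends outside this hunk.
```python
    logout_reason = request.COOKIES.get('logout_reason', '')
    try:
        # Inverse of set_logout_reason(); the cookie is client-controlled,
        # so a tampered or differently-encoded value must not break the page.
        logout_reason = logout_reason.encode('ascii').decode('unicode_escape')
    except UnicodeError:
        logout_reason = ''
    logout_status = request.COOKIES.get('logout_status')
    # … unchanged: extra_context construction …
```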
@@ -201,7 +211,7 @@ def websso(request):
 else:
 msg = 'Login failed: %s' % exc
 res = django_http.HttpResponseRedirect(settings.LOGIN_URL)
- res.set_cookie('logout_reason', msg, max_age=10)
+ set_logout_reason(res, msg)
 return res
 auth_user.set_session_from_user(request, request.user)
@@ -373,7 +383,7 @@ def switch_keystone_provider(request, keystone_provider=None,
 except exceptions.KeystoneAuthException as exc:
 msg = 'Keystone provider switch failed: %s' % exc
 res = django_http.HttpResponseRedirect(settings.LOGIN_URL)
- res.set_cookie('logout_reason', msg, max_age=10)
+ set_logout_reason(res, msg)
 return res
 auth.login(request, request.user)
 auth_user.set_session_from_user(request, request.user)
@@ -403,5 +413,5 @@ class PasswordView(edit_views.FormView):
 # We have no session here, so regular messages don't work.
 msg = _('Password changed. Please log in to continue.')
 res = django_http.HttpResponseRedirect(self.success_url)
- res.set_cookie('logout_reason', msg, max_age=10)
+ set_logout_reason(res, msg)
 return res
|