diff options
Diffstat (limited to 'openstack_auth')
-rw-r--r-- | openstack_auth/locale/en_GB/LC_MESSAGES/django.po | 9 | ||||
-rw-r--r-- | openstack_auth/tests/unit/test_views.py | 38 | ||||
-rw-r--r-- | openstack_auth/views.py | 22 |
3 files changed, 66 insertions, 3 deletions
diff --git a/openstack_auth/locale/en_GB/LC_MESSAGES/django.po b/openstack_auth/locale/en_GB/LC_MESSAGES/django.po index f4f35ce1d..53b157572 100644 --- a/openstack_auth/locale/en_GB/LC_MESSAGES/django.po +++ b/openstack_auth/locale/en_GB/LC_MESSAGES/django.po @@ -1,15 +1,16 @@ # Andi Chandler <andi@gowling.com>, 2017. #zanata # Andi Chandler <andi@gowling.com>, 2018. #zanata # Andi Chandler <andi@gowling.com>, 2019. #zanata +# Andi Chandler <andi@gowling.com>, 2020. #zanata msgid "" msgstr "" "Project-Id-Version: horizon VERSION\n" "Report-Msgid-Bugs-To: https://bugs.launchpad.net/openstack-i18n/\n" -"POT-Creation-Date: 2020-01-08 17:20+0000\n" +"POT-Creation-Date: 2020-10-19 06:37+0000\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" -"PO-Revision-Date: 2019-11-14 11:14+0000\n" +"PO-Revision-Date: 2020-10-19 02:49+0000\n" "Last-Translator: Andi Chandler <andi@gowling.com>\n" "Language-Team: English (United Kingdom)\n" "Language: en_GB\n" @@ -25,6 +26,10 @@ msgstr "Authenticate using" msgid "Confirm password" msgstr "Confirm password" +msgid "Cookies may be turned off. Make sure cookies are enabled and try again." +msgstr "" +"Cookies may be turned off. Make sure cookies are enabled and try again." + msgid "Could not find service provider ID on keystone." msgstr "Could not find service provider ID on Keystone." diff --git a/openstack_auth/tests/unit/test_views.py b/openstack_auth/tests/unit/test_views.py new file mode 100644 index 000000000..948a7224e --- /dev/null +++ b/openstack_auth/tests/unit/test_views.py @@ -0,0 +1,38 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +from django.middleware import csrf +from django import test + +from openstack_auth import views + + +class CsrfTestCase(test.TestCase): + COOKIES_OFF_MSG = ("Cookies may be turned off. " + "Make sure cookies are enabled and try again.") + + def test_no_csrf(self): + reason = views.get_csrf_reason(None) + self.assertIsNone(reason) + + def test_valid_csrf(self): + reason = views.get_csrf_reason(csrf.REASON_NO_CSRF_COOKIE) + expected = csrf.REASON_NO_CSRF_COOKIE + " " + self.COOKIES_OFF_MSG + + self.assertEqual(expected, reason) + + def test_invalid_csrf(self): + reason = views.get_csrf_reason("error message") + expected = self.COOKIES_OFF_MSG + + self.assertEqual(expected, reason) diff --git a/openstack_auth/views.py b/openstack_auth/views.py index 376d12d79..353dc9915 100644 --- a/openstack_auth/views.py +++ b/openstack_auth/views.py @@ -19,6 +19,7 @@ from django.contrib.auth.decorators import login_required from django.contrib.auth import views as django_auth_views from django.contrib import messages from django import http as django_http +from django.middleware import csrf from django import shortcuts from django.urls import reverse from django.utils import functional @@ -47,6 +48,24 @@ from openstack_auth import utils LOG = logging.getLogger(__name__) +def get_csrf_reason(reason): + if not reason: + return + + if reason not in [csrf.REASON_NO_REFERER, + csrf.REASON_BAD_REFERER, + csrf.REASON_NO_CSRF_COOKIE, + csrf.REASON_BAD_TOKEN, + csrf.REASON_MALFORMED_REFERER, + csrf.REASON_INSECURE_REFERER]: + reason = "" + else: + reason += " " + reason += str(_("Cookies may be turned off. " + "Make sure cookies are enabled and try again.")) + return reason + + # TODO(stephenfin): Migrate to CBV @sensitive_post_parameters() @csrf_protect @@ -102,9 +121,10 @@ def login(request): form = functional.curry(forms.Login, initial=initial) choices = settings.WEBSSO_CHOICES + reason = get_csrf_reason(request.GET.get('csrf_failure')) extra_context = { 'redirect_field_name': auth.REDIRECT_FIELD_NAME, - 'csrf_failure': request.GET.get('csrf_failure'), + 'csrf_failure': reason, 'show_sso_opts': settings.WEBSSO_ENABLED and len(choices) > 1, 'classes': { 'value': '', |