auth_oidc: provide a less scary displayed error message (#73669) #39
|
@ -314,7 +314,9 @@ class LoginCallback(View):
|
|||
error = request.GET['error']
|
||||
error_dict = self.errors.get(error, {})
|
||||
level = error_dict.get('level', logging.WARNING)
|
||||
error_description = request.GET.get('error_description', error_dict.get('error_description'))
|
||||
remote_error_description = request.GET.get('error_description')
|
||||
local_error_description = error_dict.get('error_description')
|
||||
error_description = remote_error_description or local_error_description
|
||||
error_url = request.GET.get('error_url')
|
||||
|
||||
log_msg = 'auth_oidc: error received '
|
||||
|
@ -329,9 +331,16 @@ class LoginCallback(View):
|
|||
logger.log(level, log_msg)
|
||||
|
||||
if 'none' not in prompt:
|
||||
if error_description:
|
||||
# messages displayed to end user
|
||||
if local_error_description:
|
||||
# user-friendly error message
|
||||
messages.add_message(request, level, local_error_description)
|
||||
if remote_error_description:
|
||||
# log a more tech error description for debugging purposes
|
||||
messages.debug(request, remote_error_description)
|
||||
elif remote_error_description:
|
||||
message = _('%(error_description)s (%(error)s)') % {
|
||||
'error_description': error_description,
|
||||
'error_description': remote_error_description,
|
||||
'error': error,
|
||||
}
|
||||
messages.add_message(request, level, message)
|
||||
|
@ -343,11 +352,13 @@ class LoginCallback(View):
|
|||
}
|
||||
if provider:
|
||||
message = _(
|
||||
'Login with %(provider_name)s failed, report %(request_id)s to an administrator (%(error)s)'
|
||||
'Login with %(provider_name)s failed, please try again later and/or report '
|
||||
'%(request_id)s to an administrator (%(error)s)'
|
||||
)
|
||||
else:
|
||||
message = _(
|
||||
'Login with OpenID Connect failed, report %s to an administrator. (%(error)s)'
|
||||
'Login with OpenID Connect failed, please try again later and/or report %s to an '
|
||||
'administrator. (%(error)s)'
|
||||
)
|
||||
|
||||
messages.warning(request, message % message_params)
|
||||
|
|
|
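Review bot: The `elif remote_error_description:` branch still renders the `error_description` query parameter verbatim at `level`, so for any `error` code missing from `self.errors` the text of the message is chosen by whoever built the callback URL. RFC 6749 restricts `error_description` to printable ASCII without `"` and `\`, so checking the value against that set and capping its length before `messages.add_message` (and before it goes into `log_msg`, whose construction lies outside these hunks) would keep crafted text and line breaks out of the page and the logs. Separately, in the third hunk the non-provider message combines `%s` with `%(error)s`; if `message_params` is the mapping the named placeholders imply, `%s` is filled with the whole mapping, and `%(request_id)s` looks like what was meant. The `LoginCallback` method containing these lines begins and ends outside the hunks shown.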
@ -25,9 +25,11 @@ from unittest import mock
|
|||
|
||||
import pytest
|
||||
from django.contrib.auth import get_user_model
|
||||
from django.contrib.messages import constants as message_constants
|
||||
from django.core.exceptions import ValidationError
|
||||
from django.db import IntegrityError, transaction
|
||||
from django.http import QueryDict
|
||||
from django.test.utils import override_settings
|
||||
from django.urls import reverse
|
||||
from django.utils.encoding import force_str
|
||||
from django.utils.timezone import now, utc
|
||||
|
@ -1178,7 +1180,33 @@ def test_error_access_denied(app, caplog, oidc_provider_jwkset):
|
|||
assert 'denied by you or the identity provider' in caplog.records[-1].message
|
||||
assert caplog.records[-1].levelname == 'INFO'
|
||||
assert 'denied by you or the identity provider' in response.pyquery('.info').text()
|
||||
assert 'access_denied' in response
|
||||
assert 'access_denied' not in response # error code not logged in UI anymore
|
||||
|
||||
response = app.get(
|
||||
login_callback_url(oidc_provider),
|
||||
params={
|
||||
'error': 'access_denied',
|
||||
'error_description': 'some OP technical error message',
|
||||
'state': state,
|
||||
},
|
||||
)
|
||||
response = response.maybe_follow()
|
||||
assert 'denied by you or the identity provider' not in caplog.records[-1].message
|
||||
assert 'some OP technical error message' in caplog.records[-1].message
|
||||
|
||||
with override_settings(MESSAGE_LEVEL=message_constants.DEBUG):
|
||||
response = app.get(
|
||||
|
||||
login_callback_url(oidc_provider),
|
||||
params={
|
||||
'error': 'access_denied',
|
||||
'error_description': 'some OP technical error message',
|
||||
'state': state,
|
||||
},
|
||||
)
|
||||
|
||||
response = response.maybe_follow()
|
||||
assert 'denied by you or the identity provider' in response.pyquery('.info').text()
|
||||
assert 'some OP technical error message' in response.pyquery('.debug').text()
|
||||
|
||||
|
||||
def test_error_other(app, caplog, oidc_provider_jwkset):
|
||||
|
|
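Review bot: The second request in `test_error_access_denied` (default `MESSAGE_LEVEL`, `error_description` supplied) only inspects `caplog`, so nothing asserts that the provider-supplied text stays out of the rendered page, which is the behaviour this change is meant to guarantee. After that `response.maybe_follow()` I would add `assert 'some OP technical error message' not in response` and `assert 'denied by you or the identity provider' in response.pyquery('.info').text()`. Without them a regression that shows the remote description at the default level would still pass. The test function starts outside this hunk.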
Je découvre ce setting, je crois que c'est la première fois que je vois l'utilisation d'un message Django de niveau DEBUG. C'est sympa mais ça risque de ne pas être très utilisé, voire jamais.