ident: don't expose register page if it doesn't exist for method (#40935)
This commit is contained in:
parent
9fb3a20204
commit
a6c5831933
|
@ -350,3 +350,10 @@ def test_fc_logout_error():
|
|||
setup_fc_environment(pub)
|
||||
app = get_app(pub)
|
||||
app.get('/ident/fc/logout', status=400)
|
||||
|
||||
|
||||
def test_fc_register_error():
|
||||
setup_user_profile(pub)
|
||||
setup_fc_environment(pub)
|
||||
app = get_app(pub)
|
||||
app.get('/register/fc/', status=404)
|
||||
|
|
|
@ -182,6 +182,8 @@ class RegisterDirectory(Directory):
|
|||
def _q_lookup(self, component):
|
||||
try:
|
||||
dir = ident.get_method_directory(component)
|
||||
if 'register' not in dir._q_exports:
|
||||
return errors.TraversalError()
|
||||
# set the register page as the index page, so the url can be
|
||||
# /register/password/ instead of /register/password/register
|
||||
dir._q_exports.append('')
|
||||
|
|
Loading…
Reference in New Issue