linaro-license-protection

Merge lp:~dooferlad/linaro-license-protection/logout-link-on-openid-denied into lp:~linaro-automation/linaro-license-protection/trunk

  1. logout-link-on-openid-denied
  2. Merge into trunk
Proposed by James Tunnicliffe
Status: Merged
Approved by: James Tunnicliffe
Approved revision: 113
Merged at revision: 114
Proposed branch: lp:~dooferlad/linaro-license-protection/logout-link-on-openid-denied
Merge into: lp:~linaro-automation/linaro-license-protection/trunk
Diff against target: 91 lines (+57/-5)
3 files modified
license_protected_downloads/openid_auth.py (+23/-4)
license_protected_downloads/tests/test_openid_auth.py (+17/-1)
templates/openid_forbidden_template.html (+17/-0)
To merge this branch: bzr merge lp:~dooferlad/linaro-license-protection/logout-link-on-openid-denied
Reviewer Review Type Date Requested Status
Stevan Radaković Approve
Review via email: mp+120995@code.launchpad.net

Description of the change

Add a custom HTTP response forbidden page when we fail to be part of the correct Launchpad team to allow access to a file. The page lists the teams that you need to be a member of and allows you to log in again to give you the opportunity to make sure that you share the right team membership to give you file access (if you have it).

To post a comment you must log in.
Revision history for this message
Stevan Radaković (stevanr) wrote :

Since you're using template, I'd rather you just pass the openid_teams as an array to the template and construct the teams string over there... Does this sound viable?

review: Needs Fixing
Revision history for this message
Stevan Radaković (stevanr) wrote :

Approving, as agreed in the infra hangout.

review: Approve
Revision history for this message
James Tunnicliffe (dooferlad) wrote :

As discussed a moment ago, it may be possible, but in terms of what I can do quickly and us wanting to release soon, I think it is reasonable to mark that as possible future work.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'license_protected_downloads/openid_auth.py'
2--- license_protected_downloads/openid_auth.py 2012-07-11 13:13:56 +0000
3+++ license_protected_downloads/openid_auth.py 2012-08-23 13:40:54 +0000
4@@ -1,8 +1,7 @@
5 from django.conf import settings
6-from django.shortcuts import redirect
7-
8-from django.http import HttpResponseForbidden
9+from django.shortcuts import redirect, render_to_response
10 from django.contrib.auth.models import Group
11+import bzr_version
12
13
14 class OpenIDAuth:
15@@ -24,4 +23,24 @@
16 if group.name in openid_teams:
17 return None
18
19- return HttpResponseForbidden("Not Authorized")
20+ # Construct a nice string of openid teams that will allow access to
21+ # the requested file
22+ if len(openid_teams) > 1:
23+ teams_string = "one of the " + openid_teams.pop(0) + " "
24+ if len(openid_teams) > 1:
25+ teams_string += ", ".join(openid_teams[0:-1])
26+
27+ teams_string += " or " + openid_teams[-1] + " teams"
28+ else:
29+ teams_string = "the " + openid_teams[0] + " team"
30+
31+ response = render_to_response(
32+ 'openid_forbidden_template.html',
33+ {'login': settings.LOGIN_URL + "?next=" + request.path,
34+ 'authenticated': request.user.is_authenticated(),
35+ 'openid_teams': teams_string,
36+ 'revno': bzr_version.get_my_bzr_revno(),
37+ })
38+
39+ response.status_code = 403
40+ return response
41
42=== modified file 'license_protected_downloads/tests/test_openid_auth.py'
43--- license_protected_downloads/tests/test_openid_auth.py 2012-07-11 13:13:56 +0000
44+++ license_protected_downloads/tests/test_openid_auth.py 2012-08-23 13:40:54 +0000
45@@ -57,7 +57,23 @@
46 response = OpenIDAuth.process_openid_auth(mock_request, openid_teams)
47 self.assertIsNotNone(response)
48 self.assertTrue(isinstance(response, HttpResponse))
49- self.assertEquals(403, response.status_code)
50+ self.assertContains(response,
51+ "You need to be the member of the linaro team in Launchpad.",
52+ status_code=403)
53+
54+ def test_check_no_team_membership_authed_multi_teams(self):
55+ mock_request = self.make_mock_request()
56+ mock_request.user.is_authenticated.return_value = True
57+ mock_request.user.groups.all.return_value = [
58+ self.make_mock_group("another-group")]
59+ openid_teams = ["linaro", "batman", "catwoman", "joker"]
60+ response = OpenIDAuth.process_openid_auth(mock_request, openid_teams)
61+ self.assertIsNotNone(response)
62+ self.assertTrue(isinstance(response, HttpResponse))
63+ self.assertContains(response,
64+ "You need to be the member of one of the linaro batman, catwoman "
65+ "or joker teams in Launchpad.",
66+ status_code=403)
67
68 @patch("django.contrib.auth.models.Group.objects.get_or_create")
69 def test_auto_adding_groups(self, get_or_create_mock):
70
71=== added file 'templates/openid_forbidden_template.html'
72--- templates/openid_forbidden_template.html 1970-01-01 00:00:00 +0000
73+++ templates/openid_forbidden_template.html 2012-08-23 13:40:54 +0000
74@@ -0,0 +1,17 @@
75+{% extends "header.html" %}
76+
77+{% block content %}
78+ <h1>Forbidden</h1>
79+ <p>
80+ You do not have the correct group membership to access this file.
81+
82+ You need to be the member of {{ openid_teams }} in Launchpad.
83+
84+ If you think you should have access, you can try logging in again and check that
85+ one of the required group memberships are selected.
86+ </p>
87+ <p>
88+ <a href="{{ login }}">Login again</a>
89+ </p>
90+</table>
91+{% endblock %}

Subscribers

People subscribed via source and target branches