🐛 — Fix bug in login view when having an expired token in cookie (redirect loop)

Luc Didry 2024-07-04 09:01:13 +02:00
parent db50aceddb
commit 636779cb79
No known key found for this signature in database
GPG key ID: EA868E12D0257E3C
4 changed files with 18 additions and 2 deletions


@ -51,6 +51,17 @@ format:
script: script:
- make ruff - make ruff
release_job:
stage: deploy
image: registry.gitlab.com/gitlab-org/release-cli:latest
rules:
- if: $CI_COMMIT_TAG
script:
- sed -n '/^## '$CI_COMMIT_TAG'/,/^#/p' CHANGELOG.md | sed -e '/^\(#\|$\|Date\)/d' > release.md
release: # See https://docs.gitlab.com/ee/ci/yaml/#release for available properties
tag_name: '$CI_COMMIT_TAG'
description: './release.md'
pages: pages:
<<: *pull_cache <<: *pull_cache
stage: deploy stage: deploy
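Review bot: The new `release_job` pulls `registry.gitlab.com/gitlab-org/release-cli:latest`, so the code that runs in the deploy stage on every tag can change without any change in this repository. Pin the image to a fixed version, ideally with a digest, e.g. `image: registry.gitlab.com/gitlab-org/release-cli:<version>@sha256:<digest>`. In the `script` line, `$CI_COMMIT_TAG` sits outside the quotes and is used as a sed pattern, so a tag containing `/` breaks the address and each `.` in a version matches any character. Quoting the variable and escaping it before it reaches sed avoids picking up the wrong changelog heading, and a `test -s release.md` after the extraction would stop the job from publishing an empty description.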


@ -2,6 +2,8 @@
## [Unreleased] ## [Unreleased]
- 🐛 — Fix bug in login view when having an expired token in cookie (redirect loop)
## 0.2.1 ## 0.2.1
Date: 2024-06-27 Date: 2024-06-27


@ -10,4 +10,7 @@ def auth_exception_handler(request: Request, exc: NotAuthenticatedException):
""" """
Redirect the user to the login page if not logged in Redirect the user to the login page if not logged in
""" """
return RedirectResponse(url=request.url_for("login_view")) response = RedirectResponse(url=request.url_for("login_view"))
manager = request.app.state.manager
manager.set_cookie(response, "")
return response
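Review bot: `manager.set_cookie(response, "")` overwrites the stale token with an empty value instead of removing it, so the browser keeps sending an `access-token` cookie and every reader of that cookie has to special-case `""`. Expiring it with `response.delete_cookie("access-token")` (with the same path and domain the cookie was set with, which this hunk does not show) would remove it outright. The docstring still only says "Redirect the user to the login page if not logged in"; it should also mention that the handler now clears the authentication cookie, e.g. `Redirect the user to the login page and discard the rejected access-token cookie`.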


@ -29,7 +29,7 @@ SEVERITY_LEVELS = {"ok": 1, "warning": 2, "critical": 3, "unknown": 4}
@route.get("/login") @route.get("/login")
async def login_view(request: Request, msg: str | None = None): async def login_view(request: Request, msg: str | None = None):
token = request.cookies.get("access-token") token = request.cookies.get("access-token")
if token is not None: if token is not None and token != "":
manager = request.app.state.manager manager = request.app.state.manager
user = await manager.get_current_user(token) user = await manager.get_current_user(token)
if user is not None: if user is not None:
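Review bot: The redirect loop is only avoided here if the browser has already accepted the blanked cookie from the exception handler; `login_view` itself still calls `manager.get_current_user(token)` with whatever non-empty token it receives. If that call raises `NotAuthenticatedException` for an expired or malformed token (which the commit title suggests, though the manager's code is not visible here), any client that keeps the old cookie is redirected back to this view again. Wrapping the call in a `try` with `except NotAuthenticatedException: user = None` would let the login page render regardless of the cookie's state. Separately, `if token is not None and token != "":` can be written as `if token:`. The body of `login_view` continues past the end of this hunk.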