almet/ihatemoney
1
0
Fork 0
mirror of https://github.com/spiral-project/ihatemoney.git synced 2025-05-05 20:51:49 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

in case of token error, don't try to force authentication, it's useless

Browse source
This commit is contained in:
Glandos 2021-10-10 23:45:58 +02:00
parent 84862ec84a
commit e74d649196
2 changed files with 4 additions and 14 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
ihatemoney/tests/budget_test.py
View file

@ -101,11 +101,9 @@ class BudgetTestCase(IhatemoneyTestCase):
) )
assert "Create a new project" in resp.data.decode("utf-8") assert "Create a new project" in resp.data.decode("utf-8")
resp = self.client.get("/authenticate")
self.assertIn("You either provided a bad token", resp.data.decode("utf-8"))
# A token MUST have a point between payload and signature # A token MUST have a point between payload and signature
resp = self.client.get("/raclette/join/token.invalid", follow_redirects=True) resp = self.client.get("/raclette/join/token.invalid", follow_redirects=True)
self.assertIn("You either provided a bad token", resp.data.decode("utf-8")) self.assertIn("Provided token is invalid", resp.data.decode("utf-8"))
def test_invite_code_invalidation(self): def test_invite_code_invalidation(self):
"""Test that invitation link expire after code change""" """Test that invitation link expire after code change"""
@ -137,7 +135,7 @@ class BudgetTestCase(IhatemoneyTestCase):
self.client.get("/exit") self.client.get("/exit")
response = self.client.get(link, follow_redirects=True) response = self.client.get(link, follow_redirects=True)
# Link is invalid # Link is invalid
self.assertIn("You either provided a bad token", response.data.decode("utf-8")) self.assertIn("Provided token is invalid", response.data.decode("utf-8"))
def test_password_reminder(self): def test_password_reminder(self):
# test that it is possible to have an email containing the password of a # test that it is possible to have an email containing the password of a

12
ihatemoney/web.py
View file

@ -203,9 +203,8 @@ def join_project(token):
token, token_type="auth", project_id=project_id token, token_type="auth", project_id=project_id
) )
if verified_project_id != project_id: if verified_project_id != project_id:
# User doesn't provide project identifier or a valid token flash(_("Provided token is invalid"), "danger")
# redirect to authenticate form return redirect("/")
return redirect(url_for(".authenticate", project_id=project_id, bad_token=1))
# maintain a list of visited projects # maintain a list of visited projects
if "projects" not in session: if "projects" not in session:
@ -228,13 +227,6 @@ def authenticate(project_id=None):
form.id.data = request.args["project_id"] form.id.data = request.args["project_id"]
project_id = form.id.data project_id = form.id.data
if project_id is None or request.args.get("bad_token") is not None:
# User doesn't provide project identifier or a valid token
# return to authenticate form
msg = _("You either provided a bad token or no project identifier.")
form["id"].errors = [msg]
return render_template("authenticate.html", form=form)
project = Project.query.get(project_id) project = Project.query.get(project_id)
if not project: if not project:
# If the user try to connect to an unexisting project, we will # If the user try to connect to an unexisting project, we will