From f3d202725bd21b4bee08b924e1bf26edf6fec4af Mon Sep 17 00:00:00 2001
From: Jiri Kuncar
Date: Fri, 27 Oct 2017 13:00:28 +0200
Subject: [PATCH 1/2] core: fix default for UNAUTHORIZED_VIEW
* Changes default to `None` to be consistent with documentation. (closes #724)
---
 flask_security/core.py | 2 +-
 tests/test_common.py | 8 +++++++-
 2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/flask_security/core.py b/flask_security/core.py
index 62e9ac5c..5ce498f9 100644
--- a/flask_security/core.py
+++ b/flask_security/core.py
@@ -76,7 +76,7 @@
 'POST_CONFIRM_VIEW': None,
 'POST_RESET_VIEW': None,
 'POST_CHANGE_VIEW': None,
- 'UNAUTHORIZED_VIEW': lambda: None,
+ 'UNAUTHORIZED_VIEW': None,
 'FORGOT_PASSWORD_TEMPLATE': 'security/forgot_password.html',
 'LOGIN_USER_TEMPLATE': 'security/login_user.html',
 'REGISTER_USER_TEMPLATE': 'security/register_user.html',
diff --git a/tests/test_common.py b/tests/test_common.py
index 2462f5b8..ba5252e2 100644
--- a/tests/test_common.py
+++ b/tests/test_common.py
@@ -10,6 +10,8 @@ import json
 import pytest
+import pytest
+
 from utils import authenticate, json_authenticate, logout
 try:
@@ -132,9 +134,10 @@ def test_authorized_access(client):
 def test_unauthorized_access(client, get_message):
 authenticate(client, "joe@lp.com")
 response = client.get("/admin", follow_redirects=True)
- assert get_message('UNAUTHORIZED') in response.data
+ assert response.status_code == 403
+@pytest.mark.settings(unauthorized_view=lambda: None)
 def test_unauthorized_access_with_referrer(client, get_message):
 authenticate(client, 'joe@lp.com')
 response = client.get('/admin', headers={'referer': '/admin'})
@@ -154,6 +157,7 @@ def test_unauthorized_access_with_referrer(client, get_message):
 assert response.data.count(get_message('UNAUTHORIZED')) == 1
+@pytest.mark.settings(unauthorized_view='/')
 def test_roles_accepted(client):
 for user in ("matt@lp.com", "joe@lp.com"):
 authenticate(client, user)
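Review bot: The new `'UNAUTHORIZED_VIEW': None` default in flask_security/core.py (hunk `-76,7`) changes runtime behaviour for every application that never set the option, and nothing on the line says so. The updated `test_unauthorized_access` in this same patch shows the effect: it used to find the UNAUTHORIZED message after following redirects and now expects a 403. A short comment on the entry would make this visible, for example `# None: no redirect target; an unauthorized request is answered with 403`, and the change deserves a changelog entry as a behaviour change rather than only a documentation alignment. The configuration dict starts and ends outside the hunk.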
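Review bot: `test_unauthorized_access` in tests/test_common.py (hunk `-132,9`) still requests the `get_message` fixture although its only use was the assertion this patch removes, so the signature can become `def test_unauthorized_access(client):`. The request also keeps `follow_redirects=True`, which means a redirect chain that merely ends in a 403 would pass as well. If the intent is to pin that the default produces the 403 directly, `response = client.get("/admin")` states that more precisely.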
@@ -166,11 +170,13 @@ def test_roles_accepted(client):
 assert b'Home Page' in response.data
+@pytest.mark.settings(unauthorized_view='/')
 def test_unauthenticated_role_required(client, get_message):
 response = client.get('/admin', follow_redirects=True)
 assert get_message('UNAUTHORIZED') in response.data
+@pytest.mark.settings(unauthorized_view='/')
 def test_multiple_role_required(client):
 for user in ("matt@lp.com", "joe@lp.com"):
 authenticate(client, user)
From 30b4c0855d1dfc3552095b3e7f3a1d7310401c7a Mon Sep 17 00:00:00 2001
From: Jiri Kuncar
Date: Fri, 5 Jan 2018 14:16:22 +0100
Subject: [PATCH 2/2] Fix url generation of UNAUTHORIZED_VIEW
---
 flask_security/decorators.py | 2 +-
 tests/test_common.py | 2 --
 2 files changed, 1 insertion(+), 3 deletions(-)
diff --git a/flask_security/decorators.py b/flask_security/decorators.py
index 8eecacd3..ec65b140 100644
--- a/flask_security/decorators.py
+++ b/flask_security/decorators.py
@@ -43,7 +43,7 @@ def _get_unauthorized_response(text=None, headers=None):
 def _get_unauthorized_view():
- view = utils.get_url(utils.config_value('UNAUTHORIZED_VIEW'))
+ view = utils.config_value('UNAUTHORIZED_VIEW')
 if view:
 if callable(view):
 view = view()
diff --git a/tests/test_common.py b/tests/test_common.py
index ba5252e2..45b802cd 100644
--- a/tests/test_common.py
+++ b/tests/test_common.py
@@ -10,8 +10,6 @@ import json
 import pytest
-import pytest
-
 from utils import authenticate, json_authenticate, logout
 try:
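Review bot: `_get_unauthorized_view` in flask_security/decorators.py (hunk `-43,7`) now reads the raw `UNAUTHORIZED_VIEW` value, which the two patches together allow to be `None`, a callable or a string, but the function has no docstring saying which shapes are accepted and what each one leads to. In the callable branch, `view = view()` takes whatever the application's callable returns; presumably that value becomes a redirect target in the code below the hunk, so the docstring should state that the callable must return a URL the application trusts, or `None`. The patch also adds no test for the URL generation it fixes: its only test change removes the duplicate `import pytest`, so a case that sets the option to an endpoint name or path and checks the resulting location would pin the behaviour. The function body continues past the end of the hunk.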