pallets-eco · jwag956 · May 8, 2019 · Oct 27, 2017 · Jan 5, 2018
diff --git a/flask_security/core.py b/flask_security/core.py
@@ -76,7 +76,7 @@
     'POST_CONFIRM_VIEW': None,
     'POST_RESET_VIEW': None,
     'POST_CHANGE_VIEW': None,
-    'UNAUTHORIZED_VIEW': lambda: None,
+    'UNAUTHORIZED_VIEW': None,
     'FORGOT_PASSWORD_TEMPLATE': 'security/forgot_password.html',
     'LOGIN_USER_TEMPLATE': 'security/login_user.html',
     'REGISTER_USER_TEMPLATE': 'security/register_user.html',

diff --git a/flask_security/decorators.py b/flask_security/decorators.py
@@ -43,7 +43,7 @@ def _get_unauthorized_response(text=None, headers=None):
 
 
 def _get_unauthorized_view():
-    view = utils.get_url(utils.config_value('UNAUTHORIZED_VIEW'))
+    view = utils.config_value('UNAUTHORIZED_VIEW')
     if view:
         if callable(view):
             view = view()

diff --git a/tests/test_common.py b/tests/test_common.py
@@ -132,9 +132,10 @@ def test_authorized_access(client):
 def test_unauthorized_access(client, get_message):
     authenticate(client, "[email protected]")
     response = client.get("/admin", follow_redirects=True)
-    assert get_message('UNAUTHORIZED') in response.data
+    assert response.status_code == 403
 
 
+@pytest.mark.settings(unauthorized_view=lambda: None)
 def test_unauthorized_access_with_referrer(client, get_message):
     authenticate(client, '[email protected]')
     response = client.get('/admin', headers={'referer': '/admin'})
@@ -154,6 +155,7 @@ def test_unauthorized_access_with_referrer(client, get_message):
     assert response.data.count(get_message('UNAUTHORIZED')) == 1
 
 
+@pytest.mark.settings(unauthorized_view='/')
 def test_roles_accepted(client):
     for user in ("[email protected]", "[email protected]"):
         authenticate(client, user)
@@ -166,11 +168,13 @@ def test_roles_accepted(client):
     assert b'Home Page' in response.data
 
 
+@pytest.mark.settings(unauthorized_view='/')
 def test_unauthenticated_role_required(client, get_message):
     response = client.get('/admin', follow_redirects=True)
     assert get_message('UNAUTHORIZED') in response.data
 
 
+@pytest.mark.settings(unauthorized_view='/')
 def test_multiple_role_required(client):
     for user in ("[email protected]", "[email protected]"):
         authenticate(client, user)