From aa0a8a2aa8adb2109ec02ef587729f0fc2095031 Mon Sep 17 00:00:00 2001 From: Chase Sterling Date: Fri, 8 Jul 2016 23:39:11 -0400 Subject: [PATCH 1/8] Store next url redirect for in session to work with oauth login callbacks --- realms/modules/auth/ldap/views.py | 4 ++-- realms/modules/auth/local/views.py | 4 ++-- realms/modules/auth/oauth/views.py | 2 +- realms/modules/auth/views.py | 4 +++- 4 files changed, 8 insertions(+), 6 deletions(-) diff --git a/realms/modules/auth/ldap/views.py b/realms/modules/auth/ldap/views.py index 7ab82f4..4a16cfa 100644 --- a/realms/modules/auth/ldap/views.py +++ b/realms/modules/auth/ldap/views.py @@ -1,4 +1,4 @@ -from flask import current_app, request, redirect, Blueprint, flash, url_for +from flask import current_app, request, redirect, Blueprint, flash, url_for, session from ..ldap.models import User from flask_ldap_login import LDAPLoginForm @@ -14,6 +14,6 @@ def login(): return redirect(url_for('auth.login')) if User.auth(form.user, request.form['password']): - return redirect(request.args.get("next") or url_for(current_app.config['ROOT_ENDPOINT'])) + return redirect(session.get("next_url") or url_for(current_app.config['ROOT_ENDPOINT'])) else: return redirect(url_for('auth.login')) diff --git a/realms/modules/auth/local/views.py b/realms/modules/auth/local/views.py index c863d0e..e4b02e6 100644 --- a/realms/modules/auth/local/views.py +++ b/realms/modules/auth/local/views.py @@ -1,4 +1,4 @@ -from flask import current_app, render_template, request, redirect, Blueprint, flash, url_for +from flask import current_app, render_template, request, redirect, Blueprint, flash, url_for, session from realms.modules.auth.local.models import User from realms.modules.auth.local.forms import LoginForm, RegistrationForm 
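Review bot: The target passed to `redirect()` in `login()` in `ldap/views.py` is still caller-controlled: `session.get("next_url")` holds whatever `request.args.get('next')` contained when `/login` was loaded (see the `realms/modules/auth/views.py` hunk), and nothing visible checks that it points back at this site. The same unchecked redirect appears in `register()` in `local/views.py` and in `callback()` in `oauth/views.py`, so a login link carrying an external `next` value sends the user off-site immediately after a genuine sign-in. Validate once, where the value is stored, and fall back to the root endpoint otherwise, for example `if urlparse(urljoin(request.host_url, target)).netloc != urlparse(request.host_url).netloc: target = None`. Also reject values containing backslashes, which some browsers treat as slashes. The bodies of these views continue outside the hunks.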
@@ -46,6 +46,6 @@ def register(): User.create(request.form['username'], request.form['email'], request.form['password']) User.auth(request.form['email'], request.form['password']) - return redirect(request.args.get("next") or url_for(current_app.config['ROOT_ENDPOINT'])) + return redirect(session.get("next_url") or url_for(current_app.config['ROOT_ENDPOINT'])) return render_template("auth/register.html", form=form) diff --git a/realms/modules/auth/oauth/views.py b/realms/modules/auth/oauth/views.py index 3eb99e4..45222e5 100644 --- a/realms/modules/auth/oauth/views.py +++ b/realms/modules/auth/oauth/views.py @@ -16,7 +16,7 @@ def login(provider): @blueprint.route('/login/oauth//callback') def callback(provider): - next_url = request.args.get('next') or url_for(current_app.config['ROOT_ENDPOINT']) + next_url = session.get('next_url') or url_for(current_app.config['ROOT_ENDPOINT']) try: remote_app = User.get_app(provider) resp = remote_app.authorized_response() diff --git a/realms/modules/auth/views.py b/realms/modules/auth/views.py index 8ca607f..df67859 100644 --- a/realms/modules/auth/views.py +++ b/realms/modules/auth/views.py @@ -1,4 +1,4 @@ -from flask import current_app, render_template, request, redirect, Blueprint, flash, url_for +from flask import current_app, render_template, request, redirect, Blueprint, flash, url_for, session from flask.ext.login import logout_user from realms.modules.auth.models import Auth @@ -7,6 +7,8 @@ blueprint = Blueprint('auth', __name__) @blueprint.route("/login", methods=['GET', 'POST']) def login(): + next_url = request.args.get('next') or url_for(current_app.config['ROOT_ENDPOINT']) + session['next_url'] = next_url return render_template("auth/login.html", forms=Auth.login_forms()) From cb8c6fdabaab541c8b9ed40078dd2c2644850c1f Mon Sep 17 00:00:00 2001 
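Review bot: `login()` in `realms/modules/auth/views.py` writes `session['next_url']` on every request to `/login`, including POSTs and visits without a `next` parameter, and none of the readers in this patch removes it afterwards (they all use `session.get`). A stale target can therefore outlive the login it was meant for and be picked up by a later `callback()` or `register()`, and opening `/login` in a second tab resets the first tab's target. Store the value only when `next` is present, and make it single-use in the consumers with `session.pop('next_url', None) or url_for(current_app.config['ROOT_ENDPOINT'])`.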
From: Chase Sterling Date: Sat, 9 Jul 2016 00:47:46 -0400 Subject: [PATCH 2/8] Redirect back to current page when login button is clicked --- realms/templates/layout.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/realms/templates/layout.html b/realms/templates/layout.html index 4eb1717..7691adb 100644 --- a/realms/templates/layout.html +++ b/realms/templates/layout.html @@ -72,7 +72,7 @@ {% else %} -
  •  Login
  • +
  •  Login
  • {% if config.REGISTRATION_ENABLED and 'auth.local' in config.MODULES %}
  •  Register
  • {% endif %} From f7bb21dd2bcbb4a12d9fcd5e79350f01c0db46c5 Mon Sep 17 00:00:00 2001 From: Chase Sterling Date: Wed, 13 Jul 2016 20:43:06 -0400 Subject: [PATCH 3/8] Start updating flask and flask modules --- realms/__init__.py | 7 ++++--- realms/modules/wiki/views.py | 14 +++++++------- realms/templates/layout.html | 4 ++-- setup.py | 12 ++++++------ 4 files changed, 19 insertions(+), 18 deletions(-) diff --git a/realms/__init__.py b/realms/__init__.py index 8c4c571..ee4f6b2 100644 --- a/realms/__init__.py +++ b/realms/__init__.py @@ -180,9 +180,10 @@ def create_app(config=None): db.Model = declarative_base(metaclass=HookModelMeta, cls=HookMixin) - for status_code in httplib.responses: - if status_code >= 400: - app.register_error_handler(status_code, error_handler) + # TODO: This caused a crash with a more recent flask. Figure out what it does. + # for status_code in httplib.responses: + # if status_code >= 400: + # app.register_error_handler(status_code, error_handler) @app.before_request def init_g(): diff --git a/realms/modules/wiki/views.py b/realms/modules/wiki/views.py index a5a2e40..87db1d3 100644 --- a/realms/modules/wiki/views.py +++ b/realms/modules/wiki/views.py @@ -11,7 +11,7 @@ blueprint = Blueprint('wiki', __name__) @blueprint.route("/_commit//") def commit(name, sha): - if current_app.config.get('PRIVATE_WIKI') and current_user.is_anonymous(): + if current_app.config.get('PRIVATE_WIKI') and current_user.is_anonymous: return current_app.login_manager.unauthorized() cname = to_canonical(name) @@ -26,7 +26,7 @@ def commit(name, sha): @blueprint.route(r"/_compare//") def compare(name, fsha, dots, lsha): - if current_app.config.get('PRIVATE_WIKI') and current_user.is_anonymous(): + if current_app.config.get('PRIVATE_WIKI') and current_user.is_anonymous: return current_app.login_manager.unauthorized() diff = g.current_wiki.get_page(name, sha=lsha).compare(fsha) 
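Review bot: Commenting out the loop in `create_app` leaves every status from 400 up without `error_handler`, so error responses presumably fall back to Flask's defaults until the TODO is resolved. The crash is probably caused by `httplib.responses` containing codes that Werkzeug has no exception class for, which newer Flask refuses to register; that is inferred from the TODO, not shown in the hunk. Iterating only the codes Werkzeug knows would keep the handler: `for status_code in default_exceptions:` with `default_exceptions` taken from `werkzeug.exceptions`, leaving the `>= 400` test and the `register_error_handler` call as they were. If the block has to stay disabled, delete it and reference an issue in the TODO rather than keeping commented-out code. `create_app` starts and ends outside the hunk.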
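Review bot: The access checks in `realms/modules/wiki/views.py` are only correct when the installed Flask-Login exposes `is_anonymous` as a property. With a release where it is still a method, `current_user.is_anonymous` is a bound method and always truthy, so the `PRIVATE_WIKI` and `ALLOW_ANON` checks in `commit()`, `compare()`, `revert()`, `history()`, `index()`, `page_write()` and `page()` would turn away logged-in users as well, and `{% if current_user.is_authenticated %}` in `layout.html` would always be true. The diffstat shows `setup.py` changing in this commit but its lines are not visible here, so confirm that it sets a minimum Flask-Login version that provides the property form. As a style point, the same `PRIVATE_WIKI` guard is copied into five views; a shared decorator or a blueprint `before_request` hook would keep a new route from being added without it.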
@@ -41,7 +41,7 @@ def revert(): commit = request.form.get('commit') message = request.form.get('message', "Reverting %s" % cname) - if not current_app.config.get('ALLOW_ANON') and current_user.is_anonymous(): + if not current_app.config.get('ALLOW_ANON') and current_user.is_anonymous: return dict(error=True, message="Anonymous posting not allowed"), 403 if cname in current_app.config.get('WIKI_LOCKED_PAGES'): @@ -63,7 +63,7 @@ def revert(): @blueprint.route("/_history/") def history(name): - if current_app.config.get('PRIVATE_WIKI') and current_user.is_anonymous(): + if current_app.config.get('PRIVATE_WIKI') and current_user.is_anonymous: return current_app.login_manager.unauthorized() return render_template('wiki/history.html', name=name) @@ -165,7 +165,7 @@ def _tree_index(items, path=""): @blueprint.route("/_index", defaults={"path": ""}) @blueprint.route("/_index/") def index(path): - if current_app.config.get('PRIVATE_WIKI') and current_user.is_anonymous(): + if current_app.config.get('PRIVATE_WIKI') and current_user.is_anonymous: return current_app.login_manager.unauthorized() items = g.current_wiki.get_index() @@ -186,7 +186,7 @@ def page_write(name): if not cname: return dict(error=True, message="Invalid name") - if not current_app.config.get('ALLOW_ANON') and current_user.is_anonymous(): + if not current_app.config.get('ALLOW_ANON') and current_user.is_anonymous: return dict(error=True, message="Anonymous posting not allowed"), 403 if request.method == 'POST': @@ -230,7 +230,7 @@ def page_write(name): @blueprint.route("/", defaults={'name': 'home'}) @blueprint.route("/") def page(name): - if current_app.config.get('PRIVATE_WIKI') and current_user.is_anonymous(): + if current_app.config.get('PRIVATE_WIKI') and current_user.is_anonymous: return current_app.login_manager.unauthorized() cname = to_canonical(name) diff --git a/realms/templates/layout.html b/realms/templates/layout.html index 4eb1717..a8ee14c 100644 --- a/realms/templates/layout.html 
+++ b/realms/templates/layout.html @@ -58,7 +58,7 @@ - {% if current_user.is_authenticated() %} + {% if current_user.is_authenticated %}