From 2641e8d4c674e9d80de1b834cbe82b9c1394fba2 Mon Sep 17 00:00:00 2001 From: stefan Date: Fri, 9 Oct 2009 13:51:35 +0000 Subject: [PATCH] Improve login failure response. git-svn-id: http://svn.roundup-tracker.org/svnroot/roundup/roundup/trunk@4369 57a73879-2fb5-44c3-a270-3262357dd7e2 --- roundup/cgi/client.py | 28 +++++++++++++++++++++++----- 1 file changed, 23 insertions(+), 5 deletions(-) diff --git a/roundup/cgi/client.py b/roundup/cgi/client.py index ea973f3..9698074 100644 --- a/roundup/cgi/client.py +++ b/roundup/cgi/client.py @@ -489,13 +489,23 @@ class Client: self.additional_headers['Location'] = str(url) self.response_code = 302 self.write_html('Redirecting to %s'%(url, url)) + except LoginError, message: + # The user tried to log in, but did not provide a valid + # username and password. If we support HTTP + # authorization, send back a response that will cause the + # browser to prompt the user again. + if self.instance.config.WEB_HTTP_AUTH: + self.response_code = httplib.UNAUTHORIZED + realm = self.instance.config.TRACKER_NAME + self.setHeader("WWW-Authenticate", + "Basic realm=\"%s\"" % realm) + else: + self.response_code = httplib.FORBIDDEN + self.renderFrontPage(message) except Unauthorised, message: # users may always see the front page self.response_code = 403 - self.classname = self.nodeid = None - self.template = '' - self.error_message.append(message) - self.write_html(self.renderContext()) + self.renderFrontPage(message) except NotModified: # send the 304 response self.response_code = 304 @@ -676,7 +686,7 @@ class Client: login.verifyLogin(username, password) except LoginError, err: self.make_user_anonymous() - raise Unauthorised, err + raise user = username # if user was not set by http authorization, try session lookup @@ -972,6 +982,14 @@ class Client: encode_quopri(message) self.mailer.smtp_send(to, str(message)) + def renderFrontPage(self, message): + """Return the front page of the tracker.""" + + self.classname = self.nodeid = None + self.template = '' + self.error_message.append(message) + self.write_html(self.renderContext()) + def renderContext(self): """ Return a PageTemplate for the named page """ -- 2.30.2