Mercurial > libervia-web
comparison libervia/server/pages.py @ 1173:0f37b65fe7c2
server: replaced wrong usage of C.HTTP_UNAUTHORIZED by C.HTTP_FORBIDDEN
| author | Goffi <goffi@goffi.org> |
|---|---|
| date | Fri, 03 May 2019 20:51:22 +0200 |
| parents | 469d0de8da0e |
| children | ab858db9dbee |
comparison
equal
deleted
inserted
replaced
| 1172:7b8e123ba043 | 1173:0f37b65fe7c2 |
|---|---|
| 1302 log.warning( | 1302 log.warning( |
| 1303 _(u"invalid CSRF token, hack attempt? URL: {url}, IP: {ip}").format( | 1303 _(u"invalid CSRF token, hack attempt? URL: {url}, IP: {ip}").format( |
| 1304 url=request.uri, ip=request.getClientIP() | 1304 url=request.uri, ip=request.getClientIP() |
| 1305 ) | 1305 ) |
| 1306 ) | 1306 ) |
| 1307 self.pageError(request, C.HTTP_UNAUTHORIZED) | 1307 self.pageError(request, C.HTTP_FORBIDDEN) |
| 1308 d = defer.maybeDeferred(self.on_data_post, self, request) | 1308 d = defer.maybeDeferred(self.on_data_post, self, request) |
| 1309 d.addCallback(self._on_data_post_redirect, request) | 1309 d.addCallback(self._on_data_post_redirect, request) |
| 1310 return d | 1310 return d |
| 1311 | 1311 |
| 1312 def getPostedData(self, request, keys, multiple=False): | 1312 def getPostedData(self, request, keys, multiple=False): |
| 1388 return request.data | 1388 return request.data |
| 1389 | 1389 |
| 1390 def _checkAccess(self, data, request): | 1390 def _checkAccess(self, data, request): |
| 1391 """Check access according to self.access | 1391 """Check access according to self.access |
| 1392 | 1392 |
| 1393 if access is not granted, show a HTTP_UNAUTHORIZED pageError and stop request, | 1393 if access is not granted, show a HTTP_FORBIDDEN pageError and stop request, |
| 1394 else return data (so it can be inserted in deferred chain | 1394 else return data (so it can be inserted in deferred chain |
| 1395 """ | 1395 """ |
| 1396 if self.access == C.PAGES_ACCESS_PUBLIC: | 1396 if self.access == C.PAGES_ACCESS_PUBLIC: |
| 1397 pass | 1397 pass |
| 1398 elif self.access == C.PAGES_ACCESS_PROFILE: | 1398 elif self.access == C.PAGES_ACCESS_PROFILE: |
| 1399 profile = self.getProfile(request) | 1399 profile = self.getProfile(request) |
| 1400 if not profile: | 1400 if not profile: |
| 1401 # no session started | 1401 # no session started |
| 1402 if not self.host.options["allow_registration"]: | 1402 if not self.host.options["allow_registration"]: |
| 1403 # registration not allowed, access is not granted | 1403 # registration not allowed, access is not granted |
| 1404 self.pageError(request, C.HTTP_UNAUTHORIZED) | 1404 self.pageError(request, C.HTTP_FORBIDDEN) |
| 1405 else: | 1405 else: |
| 1406 # registration allowed, we redirect to login page | 1406 # registration allowed, we redirect to login page |
| 1407 login_url = self.getPageRedirectURL(request) | 1407 login_url = self.getPageRedirectURL(request) |
| 1408 self.HTTPRedirect(request, login_url) | 1408 self.HTTPRedirect(request, login_url) |
| 1409 | 1409 |