Posted to commits@allura.apache.org by di...@apache.org on 2021/01/22 15:47:26 UTC

[allura] branch master updated: [#8384] enforce auth during phone verification

This is an automated email from the ASF dual-hosted git repository.

dill0wn pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/allura.git


The following commit(s) were added to refs/heads/master by this push:
     new 61821bf  [#8384] enforce auth during phone verification
61821bf is described below

commit 61821bfee31c7b6e962bc2130a2067716c537099
Author: Dave Brondsema <db...@slashdotmedia.com>
AuthorDate: Tue Jan 19 13:11:21 2021 -0500

    [#8384] enforce auth during phone verification
---
 Allura/allura/controllers/project.py             | 4 ++++
 Allura/allura/lib/custom_middleware.py           | 3 ++-
 Allura/allura/public/nf/js/phone-verification.js | 5 ++++-
 3 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/Allura/allura/controllers/project.py b/Allura/allura/controllers/project.py
index 1d27c72..ea3ffcd 100644
--- a/Allura/allura/controllers/project.py
+++ b/Allura/allura/controllers/project.py
@@ -166,10 +166,12 @@ class NeighborhoodController(object):
 
     @expose('jinja:allura:templates/phone_verification_fragment.html')
     def phone_verification_fragment(self, *args, **kw):
+        require_access(self.neighborhood, 'register')
         return {}
 
     @expose('json:')
     def verify_phone(self, number, **kw):
+        require_access(self.neighborhood, 'register')
         p = plugin.ProjectRegistrationProvider.get()
         result = p.verify_phone(c.user, number)
         request_id = result.pop('request_id', None)
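Review bot: The four new `require_access(self.neighborhood, 'register')` lines (here and in the two hunks at `check_phone_verification` and `check_names`) carry no explanation of why the 'register' permission is the right gate for endpoints that are not themselves the registration action. A one-line comment at the first occurrence would keep a future maintainer from relaxing it, e.g. `# phone verification and name checks are steps of project registration; gate them with the same permission as the register action`. Placing the check before `plugin.ProjectRegistrationProvider.get()` is the right ordering, since the provider call in `verify_phone` is the side-effecting step that an unauthenticated caller must not reach. `verify_phone` and `check_phone_verification` continue outside their hunks, so I have not checked whether later code paths also need the guard.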
@@ -185,6 +187,7 @@ class NeighborhoodController(object):
 
     @expose('json:')
     def check_phone_verification(self, pin, **kw):
+        require_access(self.neighborhood, 'register')
         p = plugin.ProjectRegistrationProvider.get()
         request_id = session.get('phone_verification.request_id')
         number_hash = session.get('phone_verification.number_hash')
@@ -197,6 +200,7 @@ class NeighborhoodController(object):
     @expose('json:')
     @validate(W.add_project)
     def check_names(self, **raw_data):
+        require_access(self.neighborhood, 'register')
         return c.form_errors
 
     @h.vardec
diff --git a/Allura/allura/lib/custom_middleware.py b/Allura/allura/lib/custom_middleware.py
index bf6ce72..6b17600 100644
--- a/Allura/allura/lib/custom_middleware.py
+++ b/Allura/allura/lib/custom_middleware.py
@@ -34,6 +34,7 @@ import six
 from ming.odm import session
 
 from allura.lib import helpers as h
+from allura.lib.utils import is_ajax
 from allura import model as M
 import allura.model.repository
 from six.moves import range
@@ -157,7 +158,7 @@ class LoginRedirectMiddleware(object):
     def __call__(self, environ, start_response):
         status, headers, app_iter, exc_info = call_wsgi_application(self.app, environ)
         is_api_request = environ.get('PATH_INFO', '').startswith(str('/rest/'))
-        if status[:3] == '401' and not is_api_request:
+        if status[:3] == '401' and not is_api_request and not is_ajax(Request(environ)):
             login_url = tg.config.get('auth.login_url', '/auth/')
             if environ['REQUEST_METHOD'] == 'GET':
                 return_to = environ['PATH_INFO']
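Review bot: The new `not is_ajax(Request(environ))` condition changes which 401 responses are turned into a login redirect, and the intent (let XHR callers see the raw 401 so client code can react, as the phone-verification script now does) deserves a comment on the `if` line, e.g. `# AJAX callers handle 401 themselves; only browser navigations get redirected to the login page`. Assuming `is_ajax` keys off a client-supplied header such as X-Requested-With, a client can opt out of the redirect, but that does not weaken authorization: the 401 from the app is still returned unchanged, so this is a UX change only. `Request` is used on the new line but its import is not visible in this hunk; presumably it is already imported in the module, worth confirming. The `__call__` body continues past the end of the hunk.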
diff --git a/Allura/allura/public/nf/js/phone-verification.js b/Allura/allura/public/nf/js/phone-verification.js
index 32826be..e866fcd 100644
--- a/Allura/allura/public/nf/js/phone-verification.js
+++ b/Allura/allura/public/nf/js/phone-verification.js
@@ -143,8 +143,11 @@ var FormStepMixin = {
       } else {
         set_state({error: resp.error});
       }
-    }.bind(this)).fail(function() {
+    }.bind(this)).fail(function(xhr) {
       var error = 'Request to API failed, please try again';
+      if (xhr.status === 401) {
+        error = 'Authentication issue.  Please <a href="/p/add_project" target=_top>reload the page</a> and make sure you are logged in.';
+      }
       set_state({error: error});
     }).always(function() {
       set_state({in_progress: false});
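Review bot: The 401 branch stores a string containing literal HTML (an anchor with `target=_top`) in `error`, which means whatever renders `error` must inject it as raw HTML, and the same renderer then also receives the server-provided `resp.error` from the success path a few lines above. If `resp.error` can ever contain user-influenced text that is not already escaped, this turns that path into an injection point; a safer shape is to keep `error` as plain text and set a separate boolean such as `needs_login: true` that the view maps to the fixed reload link. The handler also hard-codes `/p/add_project` in the link, which is only correct if this mixin is used solely from that neighborhood; I cannot tell from the hunk. The enclosing `.fail` callback belongs to a method of `FormStepMixin` that starts before the hunk.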