Posted to commits@allura.apache.org by br...@apache.org on 2021/01/19 18:11:41 UTC
[allura] branch db/8384 created (now 25b96ab)
This is an automated email from the ASF dual-hosted git repository.
brondsem pushed a change to branch db/8384
in repository https://gitbox.apache.org/repos/asf/allura.git.
at 25b96ab [#8384] enforce auth during phone verification
This branch includes the following new commits:
new 25b96ab [#8384] enforce auth during phone verification
The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
[allura] 01/01: [#8384] enforce auth during phone verification
Posted by br...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
brondsem pushed a commit to branch db/8384
in repository https://gitbox.apache.org/repos/asf/allura.git
commit 25b96ab216a032401e3a751d492b96d7a9d2b663
Author: Dave Brondsema <db...@slashdotmedia.com>
AuthorDate: Tue Jan 19 13:11:21 2021 -0500
[#8384] enforce auth during phone verification
---
Allura/allura/controllers/project.py | 4 ++++
Allura/allura/lib/custom_middleware.py | 3 ++-
Allura/allura/public/nf/js/phone-verification.js | 5 ++++-
3 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/Allura/allura/controllers/project.py b/Allura/allura/controllers/project.py
index 5374a8c..649eccc 100644
--- a/Allura/allura/controllers/project.py
+++ b/Allura/allura/controllers/project.py
@@ -166,10 +166,12 @@ class NeighborhoodController(object):
@expose('jinja:allura:templates/phone_verification_fragment.html')
def phone_verification_fragment(self, *args, **kw):
+ require_access(self.neighborhood, 'register')
return {}
@expose('json:')
def verify_phone(self, number, **kw):
+ require_access(self.neighborhood, 'register')
p = plugin.ProjectRegistrationProvider.get()
result = p.verify_phone(c.user, number)
request_id = result.pop('request_id', None)
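Review bot: `verify_phone` is decorated only with `@expose('json:')`, so even with the new `require_access(self.neighborhood, 'register')` it appears to accept any HTTP method. It calls `p.verify_phone(c.user, number)`, which presumably starts a verification message to the supplied number, so if GET requests fall outside the CSRF token check, a cross-site GET in a logged-in user's browser could still start verifications. Consider adding `@require_post()` (from `allura.lib.decorators`, if it is not already imported in this file) above `verify_phone`, and likewise on `check_phone_verification` in the next hunk, provided the client script already sends POST. Both method bodies continue outside their hunks, so any rate limiting further down is not visible here.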
@@ -185,6 +187,7 @@ class NeighborhoodController(object):
@expose('json:')
def check_phone_verification(self, pin, **kw):
+ require_access(self.neighborhood, 'register')
p = plugin.ProjectRegistrationProvider.get()
request_id = session.get('phone_verification.request_id')
number_hash = session.get('phone_verification.number_hash')
@@ -197,6 +200,7 @@ class NeighborhoodController(object):
@expose('json:')
@validate(W.add_project)
def check_names(self, **raw_data):
+ require_access(self.neighborhood, 'register')
return c.form_errors
@h.vardec
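Review bot: In `check_names` the added `require_access(self.neighborhood, 'register')` runs only after `@validate(W.add_project)` has processed the request, because the decorator wraps the method body. The caller presumably gets an auth error instead of `c.form_errors`, so nothing is returned to them, but the form validators still execute for unauthenticated requests. If those validators do lookups such as project-name availability, the check would need to move ahead of validation. At minimum, record the ordering with a comment such as `# NOTE: @validate runs before this access check; validators must stay side-effect free for anonymous callers`.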
diff --git a/Allura/allura/lib/custom_middleware.py b/Allura/allura/lib/custom_middleware.py
index bf6ce72..6b17600 100644
--- a/Allura/allura/lib/custom_middleware.py
+++ b/Allura/allura/lib/custom_middleware.py
@@ -34,6 +34,7 @@ import six
from ming.odm import session
from allura.lib import helpers as h
+from allura.lib.utils import is_ajax
from allura import model as M
import allura.model.repository
from six.moves import range
@@ -157,7 +158,7 @@ class LoginRedirectMiddleware(object):
def __call__(self, environ, start_response):
status, headers, app_iter, exc_info = call_wsgi_application(self.app, environ)
is_api_request = environ.get('PATH_INFO', '').startswith(str('/rest/'))
- if status[:3] == '401' and not is_api_request:
+ if status[:3] == '401' and not is_api_request and not is_ajax(Request(environ)):
login_url = tg.config.get('auth.login_url', '/auth/')
if environ['REQUEST_METHOD'] == 'GET':
return_to = environ['PATH_INFO']
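Review bot: The new `not is_ajax(Request(environ))` condition on the 401 branch has no comment explaining why AJAX callers are exempt from the login redirect. Suggest adding above the `if`: `# AJAX callers get the raw 401 so client code can show its own message instead of following a redirect to the login page`. `is_ajax` presumably keys off a client-supplied header, so the comment should also say it only selects the response shape and is not a trust decision. `Request` is not imported in the visible hunks and is assumed to be in scope already; `__call__` continues past the end of the hunk.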
diff --git a/Allura/allura/public/nf/js/phone-verification.js b/Allura/allura/public/nf/js/phone-verification.js
index 32826be..e866fcd 100644
--- a/Allura/allura/public/nf/js/phone-verification.js
+++ b/Allura/allura/public/nf/js/phone-verification.js
@@ -143,8 +143,11 @@ var FormStepMixin = {
} else {
set_state({error: resp.error});
}
- }.bind(this)).fail(function() {
+ }.bind(this)).fail(function(xhr) {
var error = 'Request to API failed, please try again';
+ if (xhr.status === 401) {
+ error = 'Authentication issue. Please <a href="/p/add_project" target=_top>reload the page</a> and make sure you are logged in.';
+ }
set_state({error: error});
}).always(function() {
set_state({in_progress: false});
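Review bot: The 401 message added in the `.fail` handler embeds an HTML anchor and goes through the same `set_state({error: ...})` path as the server-supplied `resp.error` a few lines above. The rendering code is outside the hunk: if the error is output as text, the link will show as literal markup. If it is output as HTML, then `resp.error` is rendered as HTML too, and the server would have to guarantee it never echoes user input such as the phone number. Carrying a separate flag, e.g. `set_state({error: error, auth_error: xhr.status === 401});`, and building the link in the render step would keep error strings as plain text. The link also hard-codes `/p/add_project`, which may not match other neighborhoods, and leaves `target=_top` unquoted.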