Posted to commits@allura.apache.org by br...@apache.org on 2021/01/19 18:11:41 UTC

[allura] branch db/8384 created (now 25b96ab)

This is an automated email from the ASF dual-hosted git repository.

brondsem pushed a change to branch db/8384
in repository https://gitbox.apache.org/repos/asf/allura.git.


      at 25b96ab  [#8384] enforce auth during phone verification

This branch includes the following new commits:

     new 25b96ab  [#8384] enforce auth during phone verification

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.



[allura] 01/01: [#8384] enforce auth during phone verification

Posted by br...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

brondsem pushed a commit to branch db/8384
in repository https://gitbox.apache.org/repos/asf/allura.git

commit 25b96ab216a032401e3a751d492b96d7a9d2b663
Author: Dave Brondsema <db...@slashdotmedia.com>
AuthorDate: Tue Jan 19 13:11:21 2021 -0500

    [#8384] enforce auth during phone verification
---
 Allura/allura/controllers/project.py             | 4 ++++
 Allura/allura/lib/custom_middleware.py           | 3 ++-
 Allura/allura/public/nf/js/phone-verification.js | 5 ++++-
 3 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/Allura/allura/controllers/project.py b/Allura/allura/controllers/project.py
index 5374a8c..649eccc 100644
--- a/Allura/allura/controllers/project.py
+++ b/Allura/allura/controllers/project.py
@@ -166,10 +166,12 @@ class NeighborhoodController(object):
 
     @expose('jinja:allura:templates/phone_verification_fragment.html')
     def phone_verification_fragment(self, *args, **kw):
+        require_access(self.neighborhood, 'register')
         return {}
 
     @expose('json:')
     def verify_phone(self, number, **kw):
+        require_access(self.neighborhood, 'register')
         p = plugin.ProjectRegistrationProvider.get()
         result = p.verify_phone(c.user, number)
         request_id = result.pop('request_id', None)
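Review bot: `verify_phone` is exposed with only `@expose('json:')`, so the new `require_access(self.neighborhood, 'register')` rejects anonymous callers, but as far as this hunk shows the handler still runs on a GET, which form-token checks usually do not cover. Since it starts a verification for a caller-supplied `number`, I would restrict it to POST with `@require_post()` under `@expose('json:')`, assuming that decorator is available in this module and the client script already POSTs. The same applies to `check_phone_verification` in the next hunk. The diffstat shows no test change; a regression test asserting a 401 for an anonymous request to each of the four guarded handlers would keep this fix from regressing. `verify_phone` continues past the end of the hunk.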
@@ -185,6 +187,7 @@ class NeighborhoodController(object):
 
     @expose('json:')
     def check_phone_verification(self, pin, **kw):
+        require_access(self.neighborhood, 'register')
         p = plugin.ProjectRegistrationProvider.get()
         request_id = session.get('phone_verification.request_id')
         number_hash = session.get('phone_verification.number_hash')
@@ -197,6 +200,7 @@ class NeighborhoodController(object):
     @expose('json:')
     @validate(W.add_project)
     def check_names(self, **raw_data):
+        require_access(self.neighborhood, 'register')
         return c.form_errors
 
     @h.vardec
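Review bot: In `check_names` the `require_access` call sits in the method body, but `@validate(W.add_project)` is a decorator and, as TurboGears validation normally does, would run on `raw_data` before the body is entered. An unauthenticated request may therefore still exercise the form validators before it is rejected. The response is still withheld, so this is about wasted work and clarity rather than disclosure; a comment would make the ordering explicit: `# @validate has already run by now; this check only gates returning c.form_errors`. If the validators perform lookups that should not run for anonymous callers, the check would need to move ahead of validation.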
diff --git a/Allura/allura/lib/custom_middleware.py b/Allura/allura/lib/custom_middleware.py
index bf6ce72..6b17600 100644
--- a/Allura/allura/lib/custom_middleware.py
+++ b/Allura/allura/lib/custom_middleware.py
@@ -34,6 +34,7 @@ import six
 from ming.odm import session
 
 from allura.lib import helpers as h
+from allura.lib.utils import is_ajax
 from allura import model as M
 import allura.model.repository
 from six.moves import range
@@ -157,7 +158,7 @@ class LoginRedirectMiddleware(object):
     def __call__(self, environ, start_response):
         status, headers, app_iter, exc_info = call_wsgi_application(self.app, environ)
         is_api_request = environ.get('PATH_INFO', '').startswith(str('/rest/'))
-        if status[:3] == '401' and not is_api_request:
+        if status[:3] == '401' and not is_api_request and not is_ajax(Request(environ)):
             login_url = tg.config.get('auth.login_url', '/auth/')
             if environ['REQUEST_METHOD'] == 'GET':
                 return_to = environ['PATH_INFO']
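Review bot: The new `not is_ajax(Request(environ))` condition makes the redirect-versus-401 choice depend on what is presumably a client-supplied request header (the helper's body is not in this diff), which is acceptable only because both outcomes deny access. A short comment would stop the helper from being reused later as a trust signal: `# AJAX callers get the raw 401 so client JS can react; is_ajax() is caller-controlled and must only affect presentation`. Also confirm `Request` is already imported in this module, since the import hunk above adds only `is_ajax`. `__call__` continues past the end of the hunk.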
diff --git a/Allura/allura/public/nf/js/phone-verification.js b/Allura/allura/public/nf/js/phone-verification.js
index 32826be..e866fcd 100644
--- a/Allura/allura/public/nf/js/phone-verification.js
+++ b/Allura/allura/public/nf/js/phone-verification.js
@@ -143,8 +143,11 @@ var FormStepMixin = {
       } else {
         set_state({error: resp.error});
       }
-    }.bind(this)).fail(function() {
+    }.bind(this)).fail(function(xhr) {
       var error = 'Request to API failed, please try again';
+      if (xhr.status === 401) {
+        error = 'Authentication issue.  Please <a href="/p/add_project" target=_top>reload the page</a> and make sure you are logged in.';
+      }
       set_state({error: error});
     }).always(function() {
       set_state({in_progress: false});
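Review bot: The 401 message on the added line embeds an `<a>` tag, which implies the `error` state is rendered as HTML. `resp.error` a few lines up goes into the same state, so that path relies on the server escaping every error string it returns; that is worth confirming, or the link could be rendered separately from a plain-text message. The link also hard-codes `/p/add_project` while the controller side guards `self.neighborhood`, so users registering in another neighborhood would presumably be sent to the wrong page. Quoting the attribute as `target="_top"` would match usual HTML style. The enclosing function starts and ends outside the hunk.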