flows: cleanup denied view, use everywhere

2020-07-02 13:48:42 +02:00
parent 76e2ba4764
commit bead19c64c
9 changed files with 79 additions and 32 deletions
--- a/passbook/providers/oidc/auth.py
+++ b/passbook/providers/oidc/auth.py
@ -40,11 +40,11 @@ def check_permissions(
    sections/settings.html#oidc-after-userlogin-hook"""
    provider = client_related_provider(client)
    if not provider:
-        return redirect("passbook_providers_oauth:oauth2-permission-denied")
+        return redirect("passbook_flows:denied")
    try:
        application = provider.application
    except Application.DoesNotExist:
-        return redirect("passbook_providers_oauth:oauth2-permission-denied")
+        return redirect("passbook_flows:denied")
    LOGGER.debug(
        "Checking permissions for application", user=user, application=application
    )
@ -56,7 +56,7 @@ def check_permissions(
    if not result.passing:
        for policy_message in result.messages:
            messages.error(request, policy_message)
-        return redirect("passbook_providers_oauth:oauth2-permission-denied")
+        return redirect("passbook_flows:denied")

    plan: FlowPlan = request.session[SESSION_KEY_PLAN]
    Event.new(
--- a/passbook/providers/oidc/views.py
+++ b/passbook/providers/oidc/views.py
@ -1,7 +1,7 @@
 """passbook OIDC Views"""
 from django.contrib.auth.mixins import LoginRequiredMixin
 from django.http import HttpRequest, HttpResponse, JsonResponse
-from django.shortcuts import get_object_or_404, redirect, reverse
+from django.shortcuts import get_object_or_404, reverse
 from django.views import View
 from oidc_provider.lib.endpoints.authorize import AuthorizeEndpoint
 from oidc_provider.lib.utils.common import get_issuer, get_site_url
@ -41,11 +41,11 @@ class AuthorizationFlowInitView(PolicyAccessMixin, LoginRequiredMixin, View):
        try:
            application = self.provider_to_application(provider)
        except Application.DoesNotExist:
-            return redirect("passbook_providers_oauth:oauth2-permission-denied")
+            return self.handle_no_permission_authorized()
        # Check permissions
        result = self.user_has_access(application)
        if not result.passing:
-            return redirect("passbook_providers_oauth:oauth2-permission-denied")
+            return self.handle_no_permission_authorized()
        # Extract params so we can save them in the plan context
        endpoint = AuthorizeEndpoint(request)
        # Regardless, we start the planner and return to it