fix breaking change (caused by flask_login) on Geonature password cha…

…nge route (#191) fix breaking change provoked by flask_login on the password change route
PnX-SI · Nov 28, 2023 · 131c620 · 131c620
1 parent f2a1d5e
commit 131c620
Show file tree

Hide file tree

Showing 3 changed files with 44 additions and 6 deletions.
diff --git a/app/api/route_register.py b/app/api/route_register.py
@@ -122,12 +122,15 @@ def valid_temp_user():
     # recherche de l'utilisateur temporaire correspondant au token
     temp_user = db.session.query(TempUser).filter(token == TempUser.token_role).first()
     if not temp_user:
-        return {
-            "msg": f"""
+        return (
+            {
+                "msg": f"""
                 Il n'y a pas d'utilisateur temporaire correspondant au token fourni {token}.<br>
                 Il se peut que la demande de création de compte ai déjà été validée, ou bien que l'adresse de validation soit erronée.<br>
                 """
-        }, 422
+            },
+            422,
+        )
 
     req_data = temp_user.as_dict()
     # Récupération du groupe par défaut
@@ -167,6 +170,7 @@ def set_cor_role_token(email):
     Fonction pour la création d'un token associé a un id_role
     Parametres : email
     """
+
     if not email:
         return {"msg": "Aucun email"}, 404
 
@@ -220,7 +224,6 @@ def create_cor_role_token():
     data = request.get_json()
 
     email = data["email"]
-
     return set_cor_role_token(email)
 
 

diff --git a/app/app.py b/app/app.py
@@ -7,10 +7,19 @@
 import json
 import logging
 from pkg_resources import iter_entry_points
-from urllib.parse import urlsplit
+from urllib.parse import urlsplit, urlencode
 from pathlib import Path
 
-from flask import Flask, redirect, url_for, request, session, render_template, g
+from flask import (
+    Flask,
+    Response,
+    redirect,
+    url_for,
+    request,
+    session,
+    render_template,
+    g,
+)
 from werkzeug.middleware.proxy_fix import ProxyFix
 from sqlalchemy.exc import ProgrammingError
 from flask_migrate import Migrate
@@ -19,6 +28,7 @@
 
 from pypnusershub.db.models import Application
 from pypnusershub.login_manager import login_manager
+from app.utils.errors import handle_unauthenticated_request
 
 
 migrate = Migrate()
@@ -129,4 +139,6 @@ def inject_user():
                 route_register.route, url_prefix="/api_register"
             )  # noqa
 
+        app.login_manager.unauthorized_handler(handle_unauthenticated_request)
+
     return app
diff --git a/app/utils/errors.py b/app/utils/errors.py
@@ -0,0 +1,23 @@
+from flask import current_app, Response, request, redirect, url_for
+from urllib.parse import urlencode
+from werkzeug.exceptions import Unauthorized
+
+
+# Unauthorized means disconnected
+# (logged but not allowed to perform an action = Forbidden)
+
+
+def handle_unauthenticated_request():
+    """
+    To avoid returning the login page html when a route is used by geonature API
+    this function overrides `LoginManager.unauthorized()` from `flask-login` .
+
+    Returns
+    -------
+    flask.Response
+        response
+    """
+    if "application/json" in request.headers.get("Content-Type", ""):
+        raise Unauthorized
+    else:
+        return redirect(url_for("login.login", next=request.path))