auth: Use config_error instead of JsonableError in remote_user_sso.

2025-11-04 05:53:43 +00:00 · 2019-12-11 23:13:21 +01:00
parent e955bfde83
commit 4eb629e276
4 changed files with 28 additions and 6 deletions
--- a/templates/zerver/config_error.html
+++ b/templates/zerver/config_error.html
@@ -93,6 +93,18 @@
                        </p>
                        {% endif %}
                    {% endif %}
+
+                    {% if remoteuser_error_backend_disabled %}
+                    <p>
+                        Authentication via the REMOTE_USER header is
+                        disabled in `/etc/zulip/settings.py`.
+                    </p>
+                    {% endif %}
+                    {% if remoteuser_error_remote_user_header_missing %}
+                    <p>
+                        The REMOTE_USER header is not set.
+                    </p>
+                    {% endif %}
                    <p>After making your changes, remember to restart
                    the Zulip server.</p>
                </div>
--- a/zerver/tests/test_auth_backends.py
+++ b/zerver/tests/test_auth_backends.py
@@ -2225,7 +2225,10 @@ class TestZulipRemoteUserBackend(ZulipTestCase):
    def test_login_failure(self) -> None:
        email = self.example_email("hamlet")
        result = self.client_post('/accounts/login/sso/', REMOTE_USER=email)
-        self.assert_json_error(result, "This authentication backend is disabled.")
+        self.assertEqual(result.status_code, 302)
+
+        result = self.client_get(result["Location"])
+        self.assert_in_response("Authentication via the REMOTE_USER header is", result)
        self.assert_logged_in_user_id(None)

    def test_login_failure_due_to_nonexisting_user(self) -> None:
@@ -2245,7 +2248,10 @@ class TestZulipRemoteUserBackend(ZulipTestCase):
    def test_login_failure_due_to_missing_field(self) -> None:
        with self.settings(AUTHENTICATION_BACKENDS=('zproject.backends.ZulipRemoteUserBackend',)):
            result = self.client_post('/accounts/login/sso/')
-            self.assert_json_error_contains(result, "No REMOTE_USER set.", 400)
+            self.assertEqual(result.status_code, 302)
+
+            result = self.client_get(result["Location"])
+            self.assert_in_response("The REMOTE_USER header is not set.", result)

    def test_login_failure_due_to_wrong_subdomain(self) -> None:
        email = self.example_email("hamlet")
--- a/zerver/views/auth.py
+++ b/zerver/views/auth.py
@@ -260,14 +260,12 @@ def remote_user_sso(request: HttpRequest,
        realm = None

    if not auth_enabled_helper([ZulipRemoteUserBackend.auth_backend_name], realm):
-        raise JsonableError(_("This authentication backend is disabled."))
+        return redirect_to_config_error("remoteuser/backend_disabled")

    try:
        remote_user = request.META["REMOTE_USER"]
    except KeyError:
-        # TODO: Arguably the JsonableError values here should be
-        # full-page HTML configuration errors instead.
-        raise JsonableError(_("No REMOTE_USER set."))
+        return redirect_to_config_error("remoteuser/remote_user_header_missing")

    # Django invokes authenticate methods by matching arguments, and this
    # authentication flow will not invoke LDAP authentication because of
--- a/zproject/urls.py
+++ b/zproject/urls.py
@@ -585,6 +585,12 @@ i18n_urls = [
    url(r'^config-error/saml$', TemplateView.as_view(
        template_name='zerver/config_error.html',),
        {'saml_error': True},),
+    url(r'^config-error/remoteuser/backend_disabled$', TemplateView.as_view(
+        template_name='zerver/config_error.html',),
+        {'remoteuser_error_backend_disabled': True},),
+    url(r'^config-error/remoteuser/remote_user_header_missing$', TemplateView.as_view(
+        template_name='zerver/config_error.html',),
+        {'remoteuser_error_remote_user_header_missing': True},),
 ]

 # Make a copy of i18n_urls so that they appear without prefix for english