From 3cf558d594101ebc2df1870fd6eb81fef12e33df Mon Sep 17 00:00:00 2001
From: Jens Langhammer
Date: Mon, 14 Sep 2020 21:52:25 +0200
Subject: [PATCH] providers/*: pass policy result objects when access denied
---
 passbook/providers/oauth2/views/authorize.py | 4 ++--
 passbook/providers/saml/views.py | 5 +++--
 2 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/passbook/providers/oauth2/views/authorize.py b/passbook/providers/oauth2/views/authorize.py
index 5a24ca8dd..5ed79eae1 100644
--- a/passbook/providers/oauth2/views/authorize.py
+++ b/passbook/providers/oauth2/views/authorize.py
@@ -323,7 +323,7 @@ class AuthorizationFlowInitView(PolicyAccessMixin, View):
 try:
 application = self.provider_to_application(provider)
 except Application.DoesNotExist:
- return self.handle_no_permission_authorized()
+ return self.handle_no_permission_authenticated()
 # Check if user is unauthenticated, so we pass the application
 # for the identification stage
 if not request.user.is_authenticated:
@@ -331,7 +331,7 @@ class AuthorizationFlowInitView(PolicyAccessMixin, View):
 # Check permissions
 result = self.user_has_access(application)
 if not result.passing:
- return self.handle_no_permission_authorized()
+ return self.handle_no_permission_authenticated(result)
 # TODO: End block
 # Extract params so we can save them in the plan context
 try:
diff --git a/passbook/providers/saml/views.py b/passbook/providers/saml/views.py
index f2162b5e8..53630374c 100644
--- a/passbook/providers/saml/views.py
+++ b/passbook/providers/saml/views.py
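Review bot: In passbook/providers/oauth2/views/authorize.py, the hunk at line 331 now hands the whole policy result to `handle_no_permission_authenticated(result)`, and nothing visible here limits which part of that result the denied user gets to see. The handler is defined outside this patch, so this is inferred: if it renders the result's messages on the access-denied page, whatever policy authors wrote for internal use (rule names, group or network criteria) is shown to exactly the users the policy rejects. I would add a comment at the call, e.g. `# result may be rendered to the denied user; policy messages must be safe to disclose`, and confirm the handler shows details only to trusted viewers. The same applies to the SAMLSSOView hunk in passbook/providers/saml/views.py. The `Application.DoesNotExist` branch in the hunk at line 323 calls the same handler with no argument and before the `is_authenticated` check, so the handler has to cope with a missing result and an anonymous user; the enclosing method starts and ends outside both hunks.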
@@ -62,8 +62,9 @@ class SAMLSSOView(PolicyAccessMixin, View):
 )
 if not request.user.is_authenticated:
 return self.handle_no_permission(self.application)
- if not self.user_has_access(self.application).passing:
- return self.handle_no_permission_authorized()
+ has_access = self.user_has_access(self.application)
+ if not has_access.passing:
+ return self.handle_no_permission_authenticated(has_access)
 # Call the method handler, which checks the SAML Request
 method_response = super().dispatch(request, *args, application_slug, **kwargs)
 if method_response:
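Review bot: `has_access` in SAMLSSOView reads like a boolean but holds the policy result object, which is why the next line needs `.passing`; the authorize.py hunk in this same patch calls the same value `result`. Naming it consistently, `result = self.user_has_access(self.application)` followed by `if not result.passing:`, guards against a later edit writing `if not has_access:`, which would test the object's truthiness rather than the policy outcome and, unless the result type defines its own truthiness, would never deny. The enclosing method (apparently `dispatch`, judging by the `super().dispatch(...)` call) starts and ends outside the hunk.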