diff --git a/app/auth/routes.py b/app/auth/routes.py
index 8f01a0c19..bf7272a75 100644
--- a/app/auth/routes.py
+++ b/app/auth/routes.py
@@ -46,7 +46,10 @@ def login():
         if not next_page or url_parse(next_page).netloc != "":
             next_page = url_for("scodoc.index")
         return redirect(next_page)
-    return render_template("auth/login.html", title=_("Sign In"), form=form)
+    message = request.args.get("message", "")
+    return render_template(
+        "auth/login.html", title=_("Sign In"), form=form, message=message
+    )
 
 
 @bp.route("/logout")
diff --git a/app/decorators.py b/app/decorators.py
index 65b89905b..df67751ae 100644
--- a/app/decorators.py
+++ b/app/decorators.py
@@ -10,12 +10,10 @@
 import logging
 import werkzeug
 from werkzeug.exceptions import BadRequest
 import flask
-from flask import g
-from flask import abort, current_app
-from flask import request
+from flask import g, current_app, request
+from flask import abort, url_for, redirect
 from flask_login import current_user
 from flask_login import login_required
-from flask import current_app
 import flask_login
 import app
@@ -52,6 +50,15 @@ def scodoc(func):
 
     @wraps(func)
     def scodoc_function(*args, **kwargs):
+        # interdit les POST si pas loggué
+        if request.method == "POST" and not current_user.is_authenticated:
+            current_app.logger.info("POST by non authenticated user")
+            return redirect(
+                url_for(
+                    "auth.login",
+                    message="La page a expiré. Identifiez-vous et recommencez l'opération",
+                )
+            )
         if "scodoc_dept" in kwargs:
             dept_acronym = kwargs["scodoc_dept"]
             # current_app.logger.info("setting dept to " + dept_acronym)
@@ -81,7 +88,7 @@ def permission_required(permission):
 
 
 def permission_required_compat_scodoc7(permission):
-    """Décorateur pour les fonctions utilisée comme API dans ScoDoc 7
+    """Décorateur pour les fonctions utilisées comme API dans ScoDoc 7
     Comme @permission_required mais autorise de passer directement
     les informations d'auth en paramètres: __ac_name, __ac_password
 
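Review bot: `message = request.args.get("message", "")` in login() hands arbitrary query-string text to the login template, so any link of the form `/auth/login?message=...` can place attacker-chosen wording on the sign-in page; Flask's default autoescaping for .html templates stops markup but not misleading text, and it only holds if login.html renders `{{ message }}` without `|safe`, which is worth confirming. The only sender in this commit appears to be the scodoc decorator in app/decorators.py, which passes one fixed sentence, so a lookup keyed on a short code would be enough: `message = LOGIN_MESSAGES.get(request.args.get("message", ""), "")` in login(), with `LOGIN_MESSAGES` a module-level dict of the allowed texts and the decorator passing the key instead of the sentence. login() starts outside the hunk.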
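Review bot: The new guard at the top of scodoc_function only intercepts `request.method == "POST"`, so an anonymous PUT, PATCH or DELETE still falls through to the existing path; if the intent is to refuse every state-changing request from a non-authenticated user, `if request.method not in ("GET", "HEAD", "OPTIONS") and not current_user.is_authenticated:` covers them in one place. The log line carries nothing to correlate the event with a request: `current_app.logger.info("POST by non authenticated user on %s", request.path)` makes the entries usable when reviewing logs. The redirect message is a hardcoded French sentence while routes.py wraps user-facing text in `_()`, so wrapping it the same way keeps it translatable. The remainder of scodoc_function runs past the hunk.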
diff --git a/app/templates/auth/login.html b/app/templates/auth/login.html
index 2685383db..d636e053e 100644
--- a/app/templates/auth/login.html
+++ b/app/templates/auth/login.html
@@ -2,6 +2,11 @@
 {% import 'bootstrap/wtf.html' as wtf %}
 
 {% block app_content %}
+
+{% if message %}
+