1
0
forked from ScoDoc/ScoDoc

Evite les erreurs de formulaires POST quand l'utilisateur s'est déconnecté dans un autre onglet

This commit is contained in:
Emmanuel Viennet 2021-10-13 21:00:03 +02:00
parent 1b8186e69b
commit 9694ba61c4
3 changed files with 21 additions and 6 deletions

View File

@ -46,7 +46,10 @@ def login():
if not next_page or url_parse(next_page).netloc != "": if not next_page or url_parse(next_page).netloc != "":
next_page = url_for("scodoc.index") next_page = url_for("scodoc.index")
return redirect(next_page) return redirect(next_page)
return render_template("auth/login.html", title=_("Sign In"), form=form) message = request.args.get("message", "")
return render_template(
"auth/login.html", title=_("Sign In"), form=form, message=message
)
@bp.route("/logout") @bp.route("/logout")

View File

@ -10,12 +10,10 @@ import logging
import werkzeug import werkzeug
from werkzeug.exceptions import BadRequest from werkzeug.exceptions import BadRequest
import flask import flask
from flask import g from flask import g, current_app, request
from flask import abort, current_app from flask import abort, url_for, redirect
from flask import request
from flask_login import current_user from flask_login import current_user
from flask_login import login_required from flask_login import login_required
from flask import current_app
import flask_login import flask_login
import app import app
@ -52,6 +50,15 @@ def scodoc(func):
@wraps(func) @wraps(func)
def scodoc_function(*args, **kwargs): def scodoc_function(*args, **kwargs):
# interdit les POST si pas loggué
if request.method == "POST" and not current_user.is_authenticated:
current_app.logger.info("POST by non authenticated user")
return redirect(
url_for(
"auth.login",
message="La page a expiré. Identifiez-vous et recommencez l'opération",
)
)
if "scodoc_dept" in kwargs: if "scodoc_dept" in kwargs:
dept_acronym = kwargs["scodoc_dept"] dept_acronym = kwargs["scodoc_dept"]
# current_app.logger.info("setting dept to " + dept_acronym) # current_app.logger.info("setting dept to " + dept_acronym)
@ -81,7 +88,7 @@ def permission_required(permission):
def permission_required_compat_scodoc7(permission): def permission_required_compat_scodoc7(permission):
"""Décorateur pour les fonctions utilisée comme API dans ScoDoc 7 """Décorateur pour les fonctions utilisées comme API dans ScoDoc 7
Comme @permission_required mais autorise de passer directement Comme @permission_required mais autorise de passer directement
les informations d'auth en paramètres: les informations d'auth en paramètres:
__ac_name, __ac_password __ac_name, __ac_password

View File

@ -2,6 +2,11 @@
{% import 'bootstrap/wtf.html' as wtf %} {% import 'bootstrap/wtf.html' as wtf %}
{% block app_content %} {% block app_content %}
{% if message %}
<div class="alert alert-danger" role="alert">{{ message }}</div>
{% endif %}
<h1>Connexion</h1> <h1>Connexion</h1>
<div class="row"> <div class="row">
<div class="col-md-4"> <div class="col-md-4">