author | Magnus Hagander | 2015-04-21 12:46:02 +0000 |
---|---|---|
committer | Magnus Hagander | 2015-04-21 12:46:02 +0000 |
commit | 071869e855a8fab2cccc2c8adf48f32ed1acbca6 (patch) | |
tree | cbe92338a5d40bde161537f77f79d0492cd3d395 | |
parent | 6e4f2d38d75259324f07ffc6be8cfb3f2572ab66 (diff) |
Return proper errorcodes from auth plugin
Instead of raising an exception which will cause both a server log
and an email to be sent, return a proper http 400 message when the
incoming authentication request is bad. This will also show the
proper error message to the client, instead of a generic internal
server error.
-rw-r--r-- | pgcommitfest/auth.py | 16 |
1 files changed, 8 insertions, 8 deletions
diff --git a/pgcommitfest/auth.py b/pgcommitfest/auth.py
index b17efd8..6ee9719 100644
--- a/pgcommitfest/auth.py
+++ b/pgcommitfest/auth.py
@@ -82,9 +82,9 @@ def auth_receive(request):
 return HttpResponseRedirect('/')
 if not request.GET.has_key('i'):
- raise Exception("Missing IV")
+ return HttpResponse("Missing IV in url!", status=400)
 if not request.GET.has_key('d'):
- raise Exception("Missing data!")
+ return HttpResponse("Missing data in url!", status=400)
 # Set up an AES object and decrypt the data we received
 decryptor = AES.new(base64.b64decode(settings.PGAUTH_KEY),
@@ -95,12 +95,12 @@ def auth_receive(request):
 # Now un-urlencode it
 try:
 data = urlparse.parse_qs(s, strict_parsing=True)
- except ValueError, e:
- raise Exception("Invalid encrypted data received.")
+ except ValueError:
+ return HttpResponse("Invalid encrypted data received.", status=400)
 # Check the timestamp in the authentication
 if (int(data['t'][0]) < time.time() - 10):
- raise Exception("Authentication token too old.")
+ return HttpResponse("Authentication token too old.", status=400)
 # Update the user record (if any)
 try:
@@ -118,7 +118,7 @@ def auth_receive(request):
 changed= True
 if changed:
 user.save()
- except User.DoesNotExist, e:
+ except User.DoesNotExist:
 # User not found, create it!
 # NOTE! We have some legacy users where there is a user in
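Review bot: The two guards at the top of the first hunk only confirm that `i` and `d` are present; nothing visible validates their contents before they reach the decode and `AES.new(...)` call that continues past the end of the hunk. A malformed or wrong-length value would presumably still raise there and produce the internal server error and e-mail this commit is meant to avoid, which is worth confirming against the lines outside the hunk. If so, wrap the decode-and-decrypt step in a `try` that returns `HttpResponse("Invalid encrypted data received.", status=400)`. As a style point, `'i' not in request.GET` is the preferred spelling over `has_key`. auth_receive starts and ends outside the hunk.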
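Review bot: In the second hunk the timestamp check `int(data['t'][0])` is still unguarded: a decrypted payload without a `t` field raises KeyError and a non-numeric one raises ValueError, so those bad requests keep producing an internal server error instead of the 400 the rest of the hunk introduces. Parsing the field inside its own `try` and returning 400 on failure closes that gap. The comparison is also one-sided, so a timestamp ahead of the server clock is accepted; rejecting values outside a small window in both directions would be tighter. Since the exception and its log entry are gone, consider logging these rejections at warning level so repeated bad tokens stay visible to operators. The enclosing function extends beyond the hunk.

```python
# … unchanged: parse_qs try/except returning 400 …
# Check the timestamp in the authentication
try:
    token_time = int(data['t'][0])
except (KeyError, ValueError):
    return HttpResponse("Invalid timestamp in authentication data.", status=400)
if token_time < time.time() - 10:
    return HttpResponse("Authentication token too old.", status=400)
```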
@@ -162,14 +162,14 @@ We apologize for the inconvenience.
 try:
 rdata = urlparse.parse_qs(s, strict_parsing=True)
 except ValueError:
- raise Exception("Invalid encrypted data received.")
+ return HttpResponse("Invalid encrypted data received.", status=400)
 if rdata.has_key('r'):
 # Redirect address
 return HttpResponseRedirect(rdata['r'][0])
 # No redirect specified, see if we have it in our settings
 if hasattr(settings, 'PGAUTH_REDIRECT_SUCCESS'):
 return HttpResponseRedirect(settings.PGAUTH_REDIRECT_SUCCESS)
- raise Exception("Authentication successful, but don't know where to redirect!")
+ return HttpResponse("Authentication successful, but don't know where to redirect!", status=500)
 # Perform a search in the central system. Note that the results are returned as an |
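Review bot: `HttpResponseRedirect(rdata['r'][0])` sends the browser to whatever address the decrypted payload carries, with no check that it points back to this site. How `s` is produced and whether it is integrity-protected is outside the hunk, so this may already be constrained; that is worth confirming. If it is not, validate the target before redirecting, for example `if not rdata['r'][0].startswith('/') or rdata['r'][0].startswith('//'): return HttpResponse("Invalid redirect address.", status=400)`, or use Django's own redirect-safety helper. The enclosing function starts outside the hunk.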