Ticket #5515: 5515_make_403_errors_customizable.diff
File 5515_make_403_errors_customizable.diff, 8.8 KB (added by , 17 years ago) |
-
django/conf/urls/defaults.py
1 1 from django.core.urlresolvers import RegexURLPattern, RegexURLResolver 2 2 from django.core.exceptions import ImproperlyConfigured 3 3 4 __all__ = ['handler40 4', 'handler500', 'include', 'patterns', 'url']4 __all__ = ['handler403', 'handler404', 'handler500', 'include', 'patterns', 'url'] 5 5 6 handler403 = 'django.views.defaults.permission_denied' 6 7 handler404 = 'django.views.defaults.page_not_found' 7 8 handler500 = 'django.views.defaults.server_error' 8 9 -
django/core/urlresolvers.py
268 268 except (ImportError, AttributeError), e: 269 269 raise ViewDoesNotExist, "Tried %s. Error was: %s" % (callback, str(e)) 270 270 271 def resolve403(self): 272 return self._resolve_special('403') 273 271 274 def resolve404(self): 272 275 return self._resolve_special('404') 273 276 -
django/core/handlers/base.py
105 105 else: 106 106 callback, param_dict = resolver.resolve404() 107 107 return callback(request, **param_dict) 108 except exceptions.PermissionDenied: 109 return http.HttpResponseForbidden('<h1>Permission denied</h1>') 108 except exceptions.PermissionDenied, e: 109 callback, param_dict = resolver.resolve403() 110 param_dict['reason'] = e.message 111 return callback(request, **param_dict) 110 112 except SystemExit: 111 113 pass # See http://code.djangoproject.com/ticket/1023 112 114 except: # Handle everything else, including SuspiciousOperation, etc. -
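Review bot: `param_dict['reason'] = e.message` passes `None` when `PermissionDenied` is raised without a message, which overrides the `reason=''` default of `permission_denied` and would likely render as the text "None" in a `{{ reason }}` template; `param_dict['reason'] = e.message or ''` keeps the default. Anything raised inside this branch (a URLconf module with no `handler403`, a handler that does not accept `reason`, a missing `403.html` in django/views/defaults.py) is not covered by the sibling `except` clauses of the same `try`, so a denial would surface as a server error instead of the fixed 403 response the old code always returned. Falling back to `http.HttpResponseForbidden('<h1>Permission denied</h1>')` when the handler cannot be resolved or rendered would keep that guarantee. The enclosing method starts and ends outside the hunk.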
django/core/exceptions.py
10 10 11 11 class PermissionDenied(Exception): 12 12 "The user did not have permission to do that" 13 pass 13 def __init__(self, message=None): 14 Exception.__init__(self) 15 self.message = message 14 16 15 17 class ViewDoesNotExist(Exception): 16 18 "The requested view does not exist" -
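Review bot: `Exception.__init__(self)` is called without the message, so `str(e)`, `e.args` and any logged traceback for a `PermissionDenied` stay empty even when a reason was supplied; the doctest in django/contrib/csrf/tests.py shows the bare `PermissionDenied` line. Passing it through when it is set, `if message is not None: Exception.__init__(self, message)` with a plain `Exception.__init__(self)` otherwise, keeps the denial reason available to logging and error reporting. The expected traceback lines in that doctest would then need updating. The class docstring should also mention the optional `message` argument and that the 403 handler shows it to the client.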
django/views/defaults.py
66 66 else: 67 67 return http.HttpResponseRedirect(absurl) 68 68 69 def permission_denied(request, template_name='403.html', reason=''): 70 """ 71 Default 403 handler. 72 73 Templates: `403.html` 74 Context: 75 request_path 76 The path of the requested URL (e.g., '/app/pages/form_page') 77 """ 78 context = { 79 'request_path': request.path, 80 'reason': reason, 81 } 82 t = loader.get_template(template_name) # You need to create a 403.html template. 83 return http.HttpResponseForbidden(t.render(RequestContext(request, context))) 84 69 85 def page_not_found(request, template_name='404.html'): 70 86 """ 71 87 Default 404 handler, which looks for the requested URL in the redirects -
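Review bot: The docstring of `permission_denied` lists only `request_path` under Context, but the view also places `reason` in the context, and that text is whatever message the raising code passed to `PermissionDenied`. Because it is rendered into the response body, the docstring should say so, for example an entry `reason` described as `The message given to PermissionDenied; it is shown to the client, so keep internal detail out of it`. The trailing comment `# You need to create a 403.html template.` belongs in the docstring as well, since a project without that template will get a template-loading error here rather than a 403.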
django/contrib/csrf/middleware.py
6 6 7 7 """ 8 8 from django.conf import settings 9 from django.core.exceptions import PermissionDenied 9 10 from django.http import HttpResponseForbidden 10 11 from django.utils.safestring import mark_safe 11 12 import md5 12 13 import re 13 14 import itertools 14 15 15 _ERROR_MSG = mark_safe('<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"><body><h1>403 Forbidden</h1><p>Cross Site Request Forgery detected. Request aborted.</p></body></html>')16 _ERROR_MSG = "Cross Site Request Forgery detected." 16 17 17 18 _POST_FORM_RE = \ 18 19 re.compile(r'(<form\W[^>]*\bmethod=(\'|"|)POST(\'|"|)\b[^>]*>)', re.IGNORECASE) … … 53 54 try: 54 55 request_csrf_token = request.POST['csrfmiddlewaretoken'] 55 56 except KeyError: 56 r eturn HttpResponseForbidden(_ERROR_MSG)57 raise PermissionDenied(_ERROR_MSG) 57 58 58 59 if request_csrf_token != csrf_token: 59 r eturn HttpResponseForbidden(_ERROR_MSG)60 raise PermissionDenied(_ERROR_MSG) 60 61 61 62 return None 62 63 -
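Review bot: Raising `PermissionDenied` from `process_request` only produces a 403 if the handler calls request middleware inside the `try` whose `except exceptions.PermissionDenied` clause is patched in django/core/handlers/base.py, and that part of the handler is not visible in this patch. If request middleware runs outside that `try`, a missing or mismatched token would end in an unhandled exception instead of the 403 page. The new doctests in django/contrib/csrf/tests.py call `process_request` directly, so they would not notice; a test-client POST without `csrfmiddlewaretoken` that asserts `response.status_code == 403` would. As far as the visible hunks show, the `from django.http import HttpResponseForbidden` import is also left unused by this change.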
django/contrib/csrf/tests.py
1 r""" 2 >>> from django.conf import settings 3 >>> from django import http 4 >>> from django.contrib.csrf.middleware import CsrfMiddleware, _make_token 5 >>> csrf = CsrfMiddleware() 6 >>> request = http.HttpRequest() 7 >>> request.method = 'POST' 8 9 If no session exists, returns None (check not required) 10 >>> csrf.process_request(request) 11 12 If token doesn't exist, raise PermissionDenied 13 >>> request.COOKIES[settings.SESSION_COOKIE_NAME] = 'my_session_id' 14 >>> csrf.process_request(request) 15 Traceback (most recent call last): 16 ... 17 PermissionDenied 18 19 If token exists and does not match session id, raise PermissionDenied 20 >>> request.POST['csrfmiddlewaretoken'] = 'hackers_session_id' 21 >>> csrf.process_request(request) 22 Traceback (most recent call last): 23 ... 24 PermissionDenied 25 26 >>> request.POST['csrfmiddlewaretoken'] = _make_token('my_session_id') 27 >>> csrf.process_request(request) 28 29 """ 30 31 if __name__ == '__main__': 32 import doctest 33 doctest.testmod() -
tests/regressiontests/views/tests/defaults.py
25 25 response = self.client.get(short_url) 26 26 self.assertEquals(response.status_code, 404) 27 27 28 def test_permission_denied(self): 29 "A 403 status is returned by the permission_denied view" 30 response = self.client.get('/views/permission_denied_url/') 31 self.assertEquals(response.status_code, 403) 32 33 def test_permission_denied_with_reason(self): 34 "A 403 status can propagate the reason for denying to the permission_denied view" 35 response = self.client.get('/views/permission_denied_with_reason/') 36 self.assertContains(response, "Not allowed", status_code=403) 37 28 38 def test_page_not_found(self): 29 39 "A 404 status is returned by the page_not_found view" 30 40 non_existing_urls = ['/views/non_existing_url/', # this is in urls.py … … 34 44 self.assertEquals(response.status_code, 404) 35 45 36 46 def test_server_error(self): 37 " The server_error view raises a 500 status"47 "A 500 status is returned by the server_error view" 38 48 response = self.client.get('/views/server_error/') 39 49 self.assertEquals(response.status_code, 500) -
tests/regressiontests/views/views.py
1 from django.core.exceptions import PermissionDenied 1 2 from django.http import HttpResponse 2 3 from django.template import RequestContext 3 4 … … 5 6 """Dummy index page""" 6 7 return HttpResponse('<html><body>Dummy page</body></html>') 7 8 9 def generate_permission_denied_with_reason(request): 10 """Dummy page to test Permission Denied exception with reason""" 11 raise PermissionDenied("Not allowed") -
tests/regressiontests/views/urls.py
25 25 26 26 # Default views 27 27 (r'^shortcut/(\d+)/(.*)/$', 'django.views.defaults.shortcut'), 28 (r'^permission_denied_url/', 'django.views.defaults.permission_denied'), 29 (r'^permission_denied_with_reason/', views.generate_permission_denied_with_reason), 28 30 (r'^non_existing_url/', 'django.views.defaults.page_not_found'), 29 31 (r'^server_error/', 'django.views.defaults.server_error'), 30 32 -
tests/templates/403.html
1 Django Internal Tests: 403 Error 2 {{ reason }}