Fix bug when trying to add anonymous user to session

kevin1024 · kevin1024 · commit 8715f9ad9b85 · 2024-07-12T10:18:39.000-04:00
With the new json serializer, we can't serialize an AnonymousUser.  Let's
return a view that says they have no permissions instead, and prompt them to
log out
diff --git a/oauthadmin/urls.py b/oauthadmin/urls.py
@@ -11,4 +11,5 @@
     url(r"callback/", oauthadmin.views.callback),
     url(r"logout/", oauthadmin.views.logout),
     url(r"logout_redirect/", oauthadmin.views.logout_redirect),
+    url(r"no_permissions/", oauthadmin.views.no_permissions),
 ]
diff --git a/oauthadmin/views.py b/oauthadmin/views.py
@@ -84,6 +84,10 @@ def callback(request):
         return HttpResponseRedirect(request.build_absolute_uri(reverse(oauthadmin.views.login)))
 
     user = import_by_path(app_setting('GET_USER'))(token)
+
+    if user.is_anonymous():
+        return HttpResponseRedirect(reverse(oauthadmin.views.no_permissions))
+
     serialized_user = serializers.serialize("json", [user])
 
     request.session['last_verified_at'] = int(time())
@@ -109,3 +113,9 @@ def logout(request):
 
 def logout_redirect(request):
     return redirect(app_setting('BASE_URL') + 'logout?next=' + quote_plus(request.build_absolute_uri(reverse(oauthadmin.views.logout))))
+
+
+def no_permissions(request):
+    logout_url = app_setting('BASE_URL') + 'logout?next=' + quote_plus(request.build_absolute_uri(reverse(oauthadmin.views.logout)))
+    return HttpResponse('Sorry, your user does not have permission to access this application.  Please <a href="{0}">Log Out</a> and try again'.format(logout_url))
+

Original file line number	Diff line number	Diff line change
`@@ -11,4 +11,5 @@`
`11`	`11`	`url(r"callback/", oauthadmin.views.callback),`
`12`	`12`	`url(r"logout/", oauthadmin.views.logout),`
`13`	`13`	`url(r"logout_redirect/", oauthadmin.views.logout_redirect),`
	`14`	`+ url(r"no_permissions/", oauthadmin.views.no_permissions),`
`14`	`15`	`]`