Commit 5f23d56a authored by azul's avatar azul

fix: render 401 ourselves

Just like 404s, these were rendered by the exception app before.
Since the exception app runs as a rack middleware
after handling cookies and sessions,
cookies and sessions did not work on the error pages.

This was a problem for 401s
because we render them mostly when people need to log in.
However, the lack of cookies and sessions broke the login form.
parent 29b4ed2b
......@@ -2,7 +2,6 @@ module Common::Application::RenderWithViewSetup
def render(*args)
setup_theme
setup_context
super(*args)
end
......
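Review bot: Nothing in this module tells a reader that `render` no longer prepares the context. The hunk header shows one line fewer on the new side, presumably the `setup_context` call, and the same commit registers `setup_context` as a `before_action` in the Group, Me, Page, Page::Create, Person and Wiki controllers. A controller that is not on that list would now render without context, and where `login_required` is listed first the 401 page is rendered before `setup_context` has run. If that is intended, a comment above `render` such as `# setup_context is a before_action in each base controller; error pages rendered after a failed login_required get no context` would keep the ordering from being changed by accident. The module continues outside the hunk.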
......@@ -44,7 +44,7 @@ module Common::Application::RescueErrors
# ( this is the default for errors that do not inherit from
# one of the above)
rescue_from ErrorNotFound, with: :render_not_found
rescue_from AuthenticationRequired, with: :raise
rescue_from AuthenticationRequired, with: :render_exception
rescue_from PermissionDenied, with: :raise
rescue_from Pundit::NotAuthorizedError, with: :log_and_permission_denied
......@@ -123,16 +123,21 @@ module Common::Application::RescueErrors
# `raise_not_found :file`
#
def render_not_found(exception=nil)
render_exception exception || ErrorNotFound.new(:page)
end
def render_exception(exception)
@exception = exception
status = status_for_exception(exception)
respond_to do |format|
format.html do
@exception = exception || ErrorNotFound.new(:page)
render 'exceptions/show', status: 404, layout: (!request.xhr? && 'notice')
render 'exceptions/show', status: status, layout: (!request.xhr? && 'notice')
end
format.js do
render_error_js exception, status: 404
render_error_js exception, status: status
end
format.any do
render status: 404, body: nil
render status: status, body: nil
end
end
end
......
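Review bot: `render_exception` is now a `rescue_from` handler as well as the 404 path, but it has no comment stating its contract, and the nil fallback that the html branch used to apply now lives only in `render_not_found`. A comment above it such as `# Renders exceptions/show (html), error js or an empty body with the status from status_for_exception; exception must not be nil` would make that explicit. `status_for_exception` is defined outside the hunk, so what it returns for an unmapped exception should be checked there. `PermissionDenied` is still registered `with: :raise`, so 403 pages presumably still go through the exception app without cookies and sessions; it is worth confirming that this is intended.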
......@@ -3,6 +3,7 @@ class Group::BaseController < ApplicationController
# default permission for all group controllers
before_action :login_required
before_action :setup_context
after_action :verify_authorized
helper 'group/links'
......
......@@ -2,7 +2,7 @@
# Abstract super class of all the Me controllers.
#
class Me::BaseController < ApplicationController
before_action :login_required, :fetch_user
before_action :login_required, :fetch_user, :setup_context
protected
......
......@@ -7,6 +7,7 @@ class Page::BaseController < ApplicationController
before_action :login_required, except: :show
before_action :bust_cache, only: :show
before_action :setup_context
after_action :verify_authorized
layout 'page'
......
......@@ -16,7 +16,7 @@ class Page::CreateController < ApplicationController
include Common::Tracking::Action
before_action :login_required
before_action :init_options, :set_owner, :catch_cancel
before_action :init_options, :set_owner, :setup_context, :catch_cancel
after_action :verify_authorized, only: :create
helper 'page/share', 'page/owner', 'page/creation'
track_actions :create
......
class Person::BaseController < ApplicationController
before_action :fetch_person
before_action :setup_context
after_action :verify_authorized
helper 'people/base'
......
class Wiki::BaseController < ApplicationController
before_action :fetch_wiki
before_action :login_required
before_action :setup_context
after_action :verify_authorized
helper 'wikis/base'
......
......@@ -31,7 +31,7 @@ class Wiki::LocksControllerTest < ActionController::TestCase
end
def test_cannot_destroy_locks_when_logged_out
assert_raises AuthenticationRequired do
assert_login_required do
delete :destroy, params: { wiki_id: @wiki }, xhr: true
end
end
......
......@@ -12,7 +12,8 @@ module FunctionalTestHelper
end
def assert_login_required(&block)
assert_raises AuthenticationRequired, &block
yield
assert_response 401
end
NOT_FOUND_ERRORS = [
......
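Review bot: `assert_login_required` still declares `&block` although the new body calls `yield`, so the parameter is unused; `def assert_login_required` is enough. The helper checks only the 401 status, while the commit's stated goal is a login form that works on that page. For html requests an additional assertion on the rendered body would cover that; the xhr case in Wiki::LocksControllerTest can stay status-only.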