Merge branch 'develop' of github.com:CESNET/exafs into develop

CESNET · Mar 8, 2024 · 1b81d2f · 1b81d2f
2 parents fe4ec95 + e9cf60c
commit 1b81d2f
Show file tree

Hide file tree

Showing 4 changed files with 12 additions and 0 deletions.
diff --git a/config.example.py b/config.example.py
@@ -8,10 +8,12 @@ class Config():
     # Flask testing
     TESTING = False
     # SSO auth enabled
+
     SSO_AUTH = True
     # Authentication is done outside the app, use HTTP header to get the user uuid.
     # If SSO_AUTH is set to True, this option is ignored and SSO auth is used.
     HEADER_AUTH = False
+
     # Name of HTTP header containing the UUID of authenticated user.
     # Only used when HEADER_AUTH is set to True
     AUTH_HEADER_NAME = 'X-Authenticated-User'

diff --git a/docs/AUTH.md b/docs/AUTH.md
@@ -15,13 +15,15 @@ In general the whole app should be protected by Shiboleth. However, there certai
 Shibboleth configuration example:
 
 #### shibboleth config (shib.conf):
+
 ```
 <Location />
   AuthType shibboleth
   ShibRequestSetting requireSession 1
   require shib-session
 </Location>
 
+
 <LocationMatch /api/>
   Satisfy Any
   allow from All

diff --git a/flowapp/__init__.py b/flowapp/__init__.py
@@ -88,6 +88,7 @@ def ext_login():
         header_name = app.config.get("AUTH_HEADER_NAME", 'X-Authenticated-User')
         if header_name not in request.headers:
             return render_template("errors/401.html")
+
         uuid = request.headers.get(header_name)
         if uuid:
             try:

diff --git a/flowapp/templates/errors/401.j2 b/flowapp/templates/errors/401.j2
@@ -0,0 +1,7 @@
+{% extends 'layouts/default.j2' %}
+{% block content %}
+  <h1>Could not log you in.</h1>
+  <p class="form-text">401: Unauthorized</p>
+  <p>Please log out and try logging in again.</p>
+  <p><a href="{{url_for('logout')}}">Log out</a></p>
+{% endblock %}