mirror of https://github.com/CIRCL/AIL-framework
chg: [UI] abort 403 and 404
parent
8ab66e7309
commit
df4969be82
|
@ -274,6 +274,14 @@ def _handle_client_error(e):
|
|||
else:
|
||||
return e
|
||||
|
||||
@app.errorhandler(403)
|
||||
def error_page_not_found(e):
|
||||
if request.path.startswith('/api/'): ## # TODO: add baseUrl
|
||||
return Response(json.dumps({"status": "error", "reason": "403 Access Denied"}) + '\n', mimetype='application/json'), 403
|
||||
else:
|
||||
# avoid endpoint enumeration
|
||||
return page_forbidden(e)
|
||||
|
||||
@app.errorhandler(404)
|
||||
def error_page_not_found(e):
|
||||
if request.path.startswith('/api/'): ## # TODO: add baseUrl
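Review bot: The new 403 handler at the top of the hunk is named `error_page_not_found`, the same name the 404 handler two definitions below already carries, so the second `def` rebinds the module-level name and the 403 function is only reachable through Flask's handler table. Flask stores the function object at decoration time, so both handlers still fire, but the duplicate name misreads in tracebacks and in any later reference to it; `def error_page_forbidden(e):` removes the ambiguity. The `# avoid endpoint enumeration` comment was copied from the 404 handler; here the HTML branch delegates to `page_forbidden`, so `# delegate to page_forbidden so anonymous callers are not told whether the path exists` would state the reason that actually applies. The 404 handler's body continues past the end of the hunk.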
|
||||
|
@ -289,6 +297,10 @@ def _handle_client_error(e):
|
|||
else:
|
||||
return e
|
||||
|
||||
@login_required
|
||||
def page_forbidden(e):
|
||||
return render_template("error/403.html"), 403
|
||||
|
||||
@login_required
|
||||
def page_not_found(e):
|
||||
# avoid endpoint enumeration
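Review bot: `page_forbidden` carries `@login_required` with nothing explaining why an error handler requires authentication, whereas the neighbouring `page_not_found` at least has `# avoid endpoint enumeration`. A comment on the decorator line, `# as in page_not_found: unauthenticated callers presumably get the login redirect instead of a 403 page that confirms the resource exists`, would keep the intent next to the code. Whether that redirect is the wanted outcome for anonymous callers depends on how the login manager is configured, which the hunk does not show. `page_not_found`'s body continues past the end of the hunk.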
|
||||
|
|
|
@ -51,6 +51,10 @@ def api_validator(message, code):
|
|||
|
||||
|
||||
def create_json_response(data, status_code):
|
||||
if status_code == 403:
|
||||
abort(403)
|
||||
elif status_code == 404:
|
||||
abort(404)
|
||||
return Response(json.dumps(data, indent=2, sort_keys=True), mimetype='application/json'), status_code
|
||||
|
||||
|
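Review bot: The `abort(403)` / `abort(404)` branches inserted into `create_json_response` here, and identically in the hunks at `@ -45,6 +45,10` and `@ -34,6 +34,10`, are the same four lines pasted into three blueprint modules; a single shared helper would keep the copies from drifting apart. Only the `@ -9,7 +9,7` hunk adds `abort` to a module's flask import, so the other two modules must already import it or the new branch raises NameError on the first denied request — worth confirming, since the failure only shows up on that path. Because `abort` raises, `data` is discarded for these codes and the caller's reason never reaches the client; the name `create_json_response` no longer describes the function, and a docstring stating that 403/404 are routed to the app error handlers (dropping `data`) while every other code returns the JSON payload would spare the next reader the surprise.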
||||
|
|
|
@ -9,7 +9,7 @@ import os
|
|||
import sys
|
||||
import json
|
||||
|
||||
from flask import render_template, jsonify, request, Blueprint, redirect, url_for, Response
|
||||
from flask import render_template, jsonify, request, Blueprint, redirect, url_for, Response, abort
|
||||
from flask_login import login_required, current_user
|
||||
|
||||
sys.path.append('modules')
|
||||
|
@ -45,6 +45,10 @@ def api_validator(api_response):
|
|||
return Response(json.dumps(api_response[0], indent=2, sort_keys=True), mimetype='application/json'), api_response[1]
|
||||
|
||||
def create_json_response(data, status_code):
|
||||
if status_code == 403:
|
||||
abort(403)
|
||||
elif status_code == 404:
|
||||
abort(404)
|
||||
return Response(json.dumps(data, indent=2, sort_keys=True), mimetype='application/json'), status_code
|
||||
|
||||
# ============= ROUTES ==============
|
||||
|
@ -330,7 +334,7 @@ def tracker_edit():
|
|||
tracker_uuid = request.args.get('uuid', None)
|
||||
res = Tracker.api_check_tracker_acl(tracker_uuid, user_org, user_id, user_role, 'edit')
|
||||
if res: # invalid access
|
||||
return Response(json.dumps(res[0], indent=2, sort_keys=True), mimetype='application/json'), res[1]
|
||||
return create_json_response(res[0], res[1])
|
||||
|
||||
tracker = Tracker.Tracker(tracker_uuid)
|
||||
dict_tracker = tracker.get_meta(options={'description', 'level', 'mails', 'filters', 'tags', 'webhooks'})
|
||||
|
@ -446,7 +450,7 @@ def tracker_objects():
|
|||
tracker_uuid = request.args.get('uuid', None)
|
||||
res = Tracker.api_check_tracker_acl(tracker_uuid, user_org, user_id, user_role, 'edit')
|
||||
if res: # invalid access
|
||||
return Response(json.dumps(res[0], indent=2, sort_keys=True), mimetype='application/json'), res[1]
|
||||
return create_json_response(res[0], res[1])
|
||||
|
||||
tracker = Tracker.Tracker(tracker_uuid)
|
||||
meta = tracker.get_meta(options={'description', 'sparkline', 'tags', 'nb_objs'})
|
||||
|
|
|
@ -34,6 +34,10 @@ bootstrap_label = Flask_config.bootstrap_label
|
|||
|
||||
# ============ FUNCTIONS ============
|
||||
def create_json_response(data, status_code):
|
||||
if status_code == 403:
|
||||
abort(403)
|
||||
elif status_code == 404:
|
||||
abort(404)
|
||||
return Response(json.dumps(data, indent=2, sort_keys=True), mimetype='application/json'), status_code
|
||||
|
||||
# ============= ROUTES ==============
|
||||
|
|