1. Reading eppa value from request header

2. Sending to error page of eppa not valid

1. Reading eppa value from request header
2. Sending to error page of eppa not valid
91b50d6b · Krish Moodbidri · 5f9c3f16 · 91b50d6b
Commit 91b50d6b authored 3 years ago by Krish Moodbidri
--- a/app/__init__.py
+++ b/app/__init__.py
@@ -12,6 +12,7 @@ from flask_bootstrap import Bootstrap
 import random
 import os
 import json
+import sys

 def create_app(config_name):
    app = Flask(__name__, static_folder='static') # initialization of the flask app
@@ -22,11 +23,13 @@ def create_app(config_name):
        username_key = list(filter(lambda key: (request.headers.get(key)  is not None), vars.username_key))
        fullname_key = list(filter(lambda key: (request.headers.get(key) is not None), vars.fullname_key))
        email_key = list(filter(lambda key: (request.headers.get(key) is not None), vars.email_key))
+        eppa_key = list(filter(lambda key: (request.headers.get(key) is not None), vars.eppa_key))

        user = {
            "username": (request.headers.get(username_key[0]) if len(username_key) > 0 else None),
            "fullname": (request.headers.get(fullname_key[0]) if len(fullname_key) > 0 else None),
            "email": (request.headers.get(email_key[0]) if len(email_key) > 0 else None),
+            "eppa": (request.headers.get(eppa_key[0]) if len(eppa_key) > 0 else None),
        }

        return user
@@ -34,6 +37,7 @@ def create_app(config_name):
    @app.route('/', methods=['GET', 'POST']) # initial route to display the reg page
    def index():

+        valid_eppa = ["staff", "faculty", "student"]
        invalid_state = ["blocked", "certification"]

        if 'uid' not in session:
@@ -42,16 +46,14 @@ def create_app(config_name):
        if 'user' not in session:
            session["user"] = get_authorized_user()

-        if "redir" in request.args and 'return_url' not in session: # check for redir arg in url
-            session['return_url'] = request.args.get("redir")
+        session['return_url'] = request.args.get('redir', vars.default_referrer)

-        elif "redir" not in request.args and 'return_url' not in session:
-            session['return_url'] = vars.default_referrer
-        else:
-            session['return_url'] = request.referrer
+
+        if session['user'].get('eppa') in not valid_eppa:
+            return render_template('errors/error.html', title='shibboleth error')

        if rc_util.check_state(session['user'].get('username')) in invalid_state:
-            return render_template('errors/error.html', title='account creation failed')
+            return render_template('errors/error.html', title='account state error')
        
        else:
            return render_template('auth/SignUp.html', room_id=session['uid'],
@@ -62,6 +64,8 @@ def create_app(config_name):
                               cancel_msg=messages.cancel_message,
                               error_msg=messages.error_message)

+
+
    @app.route('/error_account')
    def error_account_create():    
        return render_template('errors/error.html', title='account creation failed')