core: fix default for UNAUTHORIZED_VIEW (opr #726) (#68)

* core: fix default for UNAUTHORIZED_VIEW * Changes default to `None` to be consistent with documentation. (closes #724) * Fix url generation of UNAUTHORIZED_VIEW
Flask-Middleware · May 8, 2019 · 210fa0b · 210fa0b
1 parent b4a5d91
commit 210fa0b
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 3 deletions.
diff --git a/flask_security/core.py b/flask_security/core.py
@@ -76,7 +76,7 @@
     'POST_CONFIRM_VIEW': None,
     'POST_RESET_VIEW': None,
     'POST_CHANGE_VIEW': None,
-    'UNAUTHORIZED_VIEW': lambda: None,
+    'UNAUTHORIZED_VIEW': None,
     'FORGOT_PASSWORD_TEMPLATE': 'security/forgot_password.html',
     'LOGIN_USER_TEMPLATE': 'security/login_user.html',
     'REGISTER_USER_TEMPLATE': 'security/register_user.html',

diff --git a/flask_security/decorators.py b/flask_security/decorators.py
@@ -43,7 +43,7 @@ def _get_unauthorized_response(text=None, headers=None):
 
 
 def _get_unauthorized_view():
-    view = utils.get_url(utils.config_value('UNAUTHORIZED_VIEW'))
+    view = utils.config_value('UNAUTHORIZED_VIEW')
     if view:
         if callable(view):
             view = view()

diff --git a/tests/test_common.py b/tests/test_common.py
@@ -132,9 +132,10 @@ def test_authorized_access(client):
 def test_unauthorized_access(client, get_message):
     authenticate(client, "joe@lp.com")
     response = client.get("/admin", follow_redirects=True)
-    assert get_message('UNAUTHORIZED') in response.data
+    assert response.status_code == 403
 
 
+@pytest.mark.settings(unauthorized_view=lambda: None)
 def test_unauthorized_access_with_referrer(client, get_message):
     authenticate(client, 'joe@lp.com')
     response = client.get('/admin', headers={'referer': '/admin'})
@@ -154,6 +155,7 @@ def test_unauthorized_access_with_referrer(client, get_message):
     assert response.data.count(get_message('UNAUTHORIZED')) == 1
 
 
+@pytest.mark.settings(unauthorized_view='/')
 def test_roles_accepted(client):
     for user in ("matt@lp.com", "joe@lp.com"):
         authenticate(client, user)
@@ -166,11 +168,13 @@ def test_roles_accepted(client):
     assert b'Home Page' in response.data
 
 
+@pytest.mark.settings(unauthorized_view='/')
 def test_unauthenticated_role_required(client, get_message):
     response = client.get('/admin', follow_redirects=True)
     assert get_message('UNAUTHORIZED') in response.data
 
 
+@pytest.mark.settings(unauthorized_view='/')
 def test_multiple_role_required(client):
     for user in ("matt@lp.com", "joe@lp.com"):
         authenticate(client, user)