github/datasette
1
0
Fork 0
mirror of https://github.com/simonw/datasette.git synced 2025-12-10 16:51:24 +01:00
Code Issues Projects Releases Packages Wiki Activity

/-/auth-token as root redirects to /, closes #2375

Browse source
This commit is contained in:
Simon Willison 2024-07-26 14:09:20 -07:00
commit 81b68a143a
2 changed files with 9 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

3
datasette/views/special.py
View file

@ -75,6 +75,9 @@ class AuthTokenView(BaseView):
has_json_alternate = False has_json_alternate = False
async def get(self, request): async def get(self, request):
# If already signed in as root, redirect
if request.actor and request.actor.get("id") == "root":
return Response.redirect(self.ds.urls.instance())
token = request.args.get("token") or "" token = request.args.get("token") or ""
if not self.ds._root_token: if not self.ds._root_token:
raise Forbidden("Root token has already been used") raise Forbidden("Root token has already been used")

6
tests/test_auth.py
View file

@ -26,6 +26,12 @@ async def test_auth_token(ds_client):
# Check that a second with same token fails # Check that a second with same token fails
assert ds_client.ds._root_token is None assert ds_client.ds._root_token is None
assert (await ds_client.get(path)).status_code == 403 assert (await ds_client.get(path)).status_code == 403
# But attempting with same token while logged in as root should redirect to /
response = await ds_client.get(
path, cookies={"ds_actor": ds_client.actor_cookie({"id": "root"})}
)
assert response.status_code == 302
assert response.headers["Location"] == "/"
@pytest.mark.asyncio @pytest.mark.asyncio