adebaumann/labhelper
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

400 error on certain PNGs due to OIDC rerouting...?

Browse Source
This commit is contained in:
Adrian A. Baumann
2026-05-19 01:02:51 +02:00
parent a2dbcaf79a
commit c4946f8e16
2 changed files with 29 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
boxes/tests.py
View File

@@ -1,14 +1,31 @@
from types import SimpleNamespace
from django.contrib.admin.sites import AdminSite from django.contrib.admin.sites import AdminSite
from django.contrib.auth.models import User from django.contrib.auth.models import User
from django.core.files.uploadedfile import SimpleUploadedFile from django.core.files.uploadedfile import SimpleUploadedFile
from django.db import IntegrityError from django.db import IntegrityError
from django.test import Client, TestCase from django.test import Client, RequestFactory, SimpleTestCase, TestCase
from django.urls import reverse from django.urls import reverse
from mozilla_django_oidc.middleware import SessionRefresh
from .admin import BoxAdmin, BoxTypeAdmin, ThingAdmin from .admin import BoxAdmin, BoxTypeAdmin, ThingAdmin
from .models import Box, BoxType, Facet, Tag, Thing, ThingFile, ThingLink from .models import Box, BoxType, Facet, Tag, Thing, ThingFile, ThingLink
class OIDCSessionRefreshTests(SimpleTestCase):
"""Tests for OIDC session refresh routing exclusions."""
def test_media_urls_do_not_trigger_oidc_session_refresh(self):
"""Uploaded files should be served directly, not redirected through OIDC."""
request = RequestFactory().get('/media/things/files/251/diag_6606.png')
request.user = SimpleNamespace(is_authenticated=True)
request.session = {}
middleware = SessionRefresh(lambda request: None)
self.assertFalse(middleware.is_refreshable_url(request))
class AuthTestCase(TestCase): class AuthTestCase(TestCase):
"""Base test case that provides authenticated client.""" """Base test case that provides authenticated client."""

13
labhelper/settings.py
View File

@@ -11,6 +11,7 @@ https://docs.djangoproject.com/en/5.2/ref/settings/
""" """
import os import os
import re
from pathlib import Path from pathlib import Path
# Build paths inside the project like this: BASE_DIR / 'subdir'. # Build paths inside the project like this: BASE_DIR / 'subdir'.
@@ -181,5 +182,13 @@ OIDC_STORE_ID_TOKEN = True
# Redirect to the static login page on auth failure instead of looping back into OIDC # Redirect to the static login page on auth failure instead of looping back into OIDC
OIDC_AUTHENTICATION_FAILURE_REDIRECT_URL = os.environ.get('OIDC_AUTHENTICATION_FAILURE_REDIRECT_URL', '/login/') OIDC_AUTHENTICATION_FAILURE_REDIRECT_URL = os.environ.get('OIDC_AUTHENTICATION_FAILURE_REDIRECT_URL', '/login/')
# Exempt AJAX endpoints from the session-refresh middleware redirect # Exempt endpoints and uploaded media from the session-refresh middleware.
OIDC_EXEMPT_URLS = ['search_api'] #
# Media URLs are already served without a login_required view. If an embedded
# image request is redirected into a silent OIDC refresh, the callback happens
# in a subresource context and browsers can withhold the session cookie, causing
# the OIDC state check to fail with HTTP 400.
OIDC_EXEMPT_URLS = [
'search_api',
re.compile(rf'^{re.escape(MEDIA_URL)}'),
]