[WEB - 1387]dev: custom csrf failure view (#4531)

* dev: custom csrf view * dev: update template to use only css for styling
2024-06-14 14:31:34 +00:00 · 2024-05-21 15:04:10 +05:30 · 2024-05-21 15:04:10 +05:30 · 0f5294c5e2
commit 0f5294c5e2
parent 410f04c327
3 changed files with 76 additions and 1 deletions
--- a/apiserver/plane/authentication/views/common.py
+++ b/apiserver/plane/authentication/views/common.py
@ -1,3 +1,6 @@
+# Django imports
+from django.shortcuts import render
+
 # Third party imports
 from rest_framework import status
 from rest_framework.permissions import AllowAny
@ -17,7 +20,7 @@ from plane.authentication.adapter.error import (
 )
 from django.middleware.csrf import get_token
 from plane.utils.cache import invalidate_cache
-
+from plane.authentication.utils.host import base_host

 class CSRFTokenEndpoint(APIView):

@ -34,6 +37,11 @@ class CSRFTokenEndpoint(APIView):
        )


+def csrf_failure(request, reason=""):
+    """Custom CSRF failure view"""
+    return render(request, "csrf_failure.html", {"reason": reason, "root_url": base_host(request=request)})
+
+
 class ChangePasswordEndpoint(APIView):
    def post(self, request):
        user = User.objects.get(pk=request.user.id)
--- a/apiserver/plane/settings/common.py
+++ b/apiserver/plane/settings/common.py
@ -345,6 +345,7 @@ CSRF_COOKIE_SECURE = secure_origins
 CSRF_COOKIE_HTTPONLY = True
 CSRF_TRUSTED_ORIGINS = cors_allowed_origins
 CSRF_COOKIE_DOMAIN = os.environ.get("COOKIE_DOMAIN", None)
+CSRF_FAILURE_VIEW = "plane.authentication.views.common.csrf_failure"

 # Base URLs
 ADMIN_BASE_URL = os.environ.get("ADMIN_BASE_URL", None)
--- a/apiserver/templates/csrf_failure.html
+++ b/apiserver/templates/csrf_failure.html
@ -0,0 +1,66 @@
+<!-- templates/csrf_failure.html -->
+<!doctype html>
+<html lang="en">
+  <head>
+    <meta charset="UTF-8" />
+    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+    <title>CSRF Verification Failed</title>
+    <style>
+      body {
+        font-family: Arial, sans-serif;
+        background-color: #f8f9fa;
+        padding: 50px;
+        display: flex;
+        justify-content: center;
+        align-items: center;
+        height: 100vh;
+        margin: 0;
+      }
+      .card {
+        max-width: 400px;
+        padding: 30px;
+        background-color: #ffffff;
+        border-radius: 8px;
+        box-shadow: 0 4px 8px rgba(0, 0, 0, 0.1);
+      }
+      .card-header {
+        text-align: center;
+        margin-bottom: 20px;
+      }
+      .btn-primary {
+        display: block;
+        width: 100%;
+        padding: 10px;
+        background-color: #007bff;
+        color: #fff;
+        text-align: center;
+        text-decoration: none;
+        border: none;
+        border-radius: 4px;
+        cursor: pointer;
+      }
+      .btn-primary:hover {
+        background-color: #0056b3;
+      }
+    </style>
+  </head>
+  <body>
+    <div class="card">
+      <div class="card-header">
+        <h3>CSRF Verification Failed</h3>
+      </div>
+      <div class="card-body">
+        <p>
+          It looks like your form submission has expired or there was a problem
+          with your request.
+        </p>
+        <p>Please try the following:</p>
+        <ul>
+          <li>Refresh the page and try submitting the form again.</li>
+          <li>Ensure that cookies are enabled in your browser.</li>
+        </ul>
+        <a href="{{ root_url }}" class="btn-primary">Go to Home Page</a>
+      </div>
+    </div>
+  </body>
+</html>