Merge branch 'error_views'

Dan Campbell · Dan Campbell · commit 746131e67ae8 · 2016-10-19T16:32:10.000-06:00
diff --git a/djangosaml2/templates/djangosaml2/login_error.html b/djangosaml2/templates/djangosaml2/login_error.html
@@ -0,0 +1,13 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+  <head>
+    <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
+  </head>
+  <body>
+    <h1>Authentication Error.</h1>
+
+    <h2>Access Denied.</h2>
+
+  </body>
+</html>
diff --git a/djangosaml2/templates/djangosaml2/permission_denied.html b/djangosaml2/templates/djangosaml2/permission_denied.html
@@ -0,0 +1,11 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+  <head>
+    <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
+  </head>
+  <body>
+    <h1>Permission Denied.</h1>
+
+  </body>
+</html>
diff --git a/djangosaml2/views.py b/djangosaml2/views.py
@@ -47,6 +47,7 @@ def csrf_exempt(view_func):
 from saml2.metadata import entity_descriptor
 from saml2.ident import code, decode
 from saml2.sigver import MissingKey
+from saml2.response import StatusError
 
 from djangosaml2.cache import IdentityCache, OutstandingQueriesCache
 from djangosaml2.cache import StateCache
@@ -223,6 +224,9 @@ def assertion_consumer_service(request,
     try:
         response = client.parse_authn_request_response(xmlstr, BINDING_HTTP_POST,
                                                        outstanding_queries)
+    except StatusError:
+        return render(request, 'djangosaml2/login_error.html', status=403)
+
     except MissingKey:
         logger.error('MissingKey error in ACS')
         return HttpResponseForbidden(
@@ -250,7 +254,7 @@ def assertion_consumer_service(request,
                              create_unknown_user=create_unknown_user)
     if user is None:
         logger.error('The user is None')
-        raise PermissionDenied
+        return render(request, 'djangosaml2/permission_denied.html', status=403)
 
     auth.login(request, user)
     _set_subject_id(request.session, session_info['name_id'])
