	Fixed #25017 -- Allowed customizing the DISALLOWED_USER_AGENTS response
		| @@ -5,6 +5,7 @@ import re | |||||||
| from django import http | from django import http | ||||||
| from django.conf import settings | from django.conf import settings | ||||||
| from django.core import urlresolvers | from django.core import urlresolvers | ||||||
|  | from django.core.exceptions import PermissionDenied | ||||||
| from django.core.mail import mail_managers | from django.core.mail import mail_managers | ||||||
| from django.utils.encoding import force_text | from django.utils.encoding import force_text | ||||||
|  |  | ||||||
| @@ -47,13 +48,7 @@ class CommonMiddleware(object): | |||||||
|         if 'HTTP_USER_AGENT' in request.META: |         if 'HTTP_USER_AGENT' in request.META: | ||||||
|             for user_agent_regex in settings.DISALLOWED_USER_AGENTS: |             for user_agent_regex in settings.DISALLOWED_USER_AGENTS: | ||||||
|                 if user_agent_regex.search(request.META['HTTP_USER_AGENT']): |                 if user_agent_regex.search(request.META['HTTP_USER_AGENT']): | ||||||
|                     logger.warning('Forbidden (User agent): %s', request.path, |                     raise PermissionDenied('Forbidden user agent') | ||||||
|                         extra={ |  | ||||||
|                             'status_code': 403, |  | ||||||
|                             'request': request |  | ||||||
|                         } |  | ||||||
|                     ) |  | ||||||
|                     return http.HttpResponseForbidden('<h1>Forbidden</h1>') |  | ||||||
|  |  | ||||||
|         # Check for a redirect based on settings.APPEND_SLASH |         # Check for a redirect based on settings.APPEND_SLASH | ||||||
|         # and settings.PREPEND_WWW |         # and settings.PREPEND_WWW | ||||||
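Review bot: The `raise PermissionDenied('Forbidden user agent')` line replaces the only log record that named the user-agent rule as the reason for the 403, so the reason now reaches the logs only if whatever handles PermissionDenied records the exception text, which is not visible here. Anyone filtering or alerting on the old `Forbidden (User agent): <path>` message on the `django.request` logger loses that signal without notice. I would either keep the existing `logger.warning('Forbidden (User agent): %s', request.path, extra={'status_code': 403, 'request': request})` call ahead of the `raise`, or state the changed log output in the release note next to the handler403 sentence. A comment above the `raise` such as `# Raise rather than return a response so that handler403 renders the 403.` would also record why the middleware no longer builds the response itself. The enclosing process_request method starts and ends outside the hunk.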
|   | |||||||
| @@ -452,6 +452,12 @@ Requests and Responses | |||||||
|   <django.http.HttpRequest.urlconf>` to ``None`` to revert any changes made |   <django.http.HttpRequest.urlconf>` to ``None`` to revert any changes made | ||||||
|   by previous middleware and return to using the :setting:`ROOT_URLCONF`. |   by previous middleware and return to using the :setting:`ROOT_URLCONF`. | ||||||
|  |  | ||||||
|  | * The :setting:`DISALLOWED_USER_AGENTS` check in | ||||||
|  |   :class:`~django.middleware.common.CommonMiddleware` now raises a | ||||||
|  |   :class:`~django.core.exceptions.PermissionDenied` exception as opposed to | ||||||
|  |   returning an :class:`~django.http.HttpResponseForbidden` so that | ||||||
|  |   :data:`~django.conf.urls.handler403` is invoked. | ||||||
|  |  | ||||||
| Tests | Tests | ||||||
| ^^^^^ | ^^^^^ | ||||||
|  |  | ||||||
|   | |||||||
| @@ -9,6 +9,7 @@ from unittest import skipIf | |||||||
|  |  | ||||||
| from django.conf import settings | from django.conf import settings | ||||||
| from django.core import mail | from django.core import mail | ||||||
|  | from django.core.exceptions import PermissionDenied | ||||||
| from django.http import ( | from django.http import ( | ||||||
|     FileResponse, HttpRequest, HttpResponse, HttpResponsePermanentRedirect, |     FileResponse, HttpRequest, HttpResponse, HttpResponsePermanentRedirect, | ||||||
|     HttpResponseRedirect, StreamingHttpResponse, |     HttpResponseRedirect, StreamingHttpResponse, | ||||||
| @@ -256,9 +257,8 @@ class CommonMiddlewareTest(SimpleTestCase): | |||||||
|         with patch_logger('django.request', 'warning') as log_messages: |         with patch_logger('django.request', 'warning') as log_messages: | ||||||
|             request = self.rf.get('/slash') |             request = self.rf.get('/slash') | ||||||
|             request.META['HTTP_USER_AGENT'] = 'foo' |             request.META['HTTP_USER_AGENT'] = 'foo' | ||||||
|             r = CommonMiddleware().process_request(request) |             with self.assertRaisesMessage(PermissionDenied, 'Forbidden user agent'): | ||||||
|             self.assertEqual(r.status_code, 403) |                 CommonMiddleware().process_request(request) | ||||||
|             self.assertEqual(log_messages, ['Forbidden (User agent): /slash']) |  | ||||||
|  |  | ||||||
|     def test_non_ascii_query_string_does_not_crash(self): |     def test_non_ascii_query_string_does_not_crash(self): | ||||||
|         """Regression test for #15152""" |         """Regression test for #15152""" | ||||||
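Review bot: The rewritten test keeps the `with patch_logger('django.request', 'warning') as log_messages:` wrapper but no longer asserts anything about `log_messages`, so the wrapper is dead code and the test no longer checks that a blocked user agent is logged at all. Either drop that `with` line or keep an assertion on what is expected to be logged. The test also calls `process_request` directly, so nothing here verifies what the commit is for, namely that a disallowed user agent ends in a 403 produced through `handler403`. A second test that sends the request through the test client, for example `self.client.get('/slash', HTTP_USER_AGENT='foo')` followed by `self.assertEqual(response.status_code, 403)`, would cover that, assuming the test settings install CommonMiddleware. The test method's header is outside the hunk.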
|   | |||||||