core: add generic error view

passbook/core/templates/login/denied.html

@@ -0,0 +1,31 @@
+{% extends 'login/base.html' %}
+
+{% load static %}
+{% load i18n %}
+{% load utils %}
+
+{% block head %}
+{{ block.super }}
+<style>
+    .pf-icon {
+        font-size: 48px;
+        text-align: center;
+    }
+</style>
+{% endblock %}
+
+{% block card %}
+<header class="login-pf-header">
+  <h1>{% trans title %}</h1>
+</header>
+{% include 'partials/messages.html' %}
+<form method="POST">
+  {% csrf_token %}
+  {% include 'partials/form_login.html' %}
+  <span class="pf-icon pficon-error-circle-o btn-block"></span>
+  Access denied
+  {% if 'back' in request.GET %}
+  <a href="{% back %}" class="btn btn-primary btn-block btn-lg">{% trans 'Back' %}</a>
+  {% endif %}
+</form>
+{% endblock %}

passbook/core/views/utils.py

@@ -20,3 +20,14 @@ class LoadingView(TemplateView):
         kwargs['title'] = self.title
         kwargs['target_url'] = self.get_url()
         return super().get_context_data(**kwargs)
+
+class PermissionDeniedView(TemplateView):
+    """Generic Permission denied view"""
+
+    template_name = 'login/denied.html'
+    title = _('Permission denied.')
+
+    def get_context_data(self, **kwargs):
+        kwargs['is_login'] = True
+        kwargs['title'] = self.title
+        return super().get_context_data(**kwargs)

passbook/oauth_provider/urls.py

@@ -10,6 +10,8 @@ urlpatterns = [
          name="oauth2-authorize"),
     path('authorize/permission_ok/', oauth2.PassbookAuthorizationView.as_view(),
          name="oauth2-ok-authorize"),
+    path('authorize/permission_denied/', oauth2.OAuthPermissionDenied.as_view(),
+         name='oauth2-permission-denied'),
     # OAuth API
     path('', include('oauth2_provider.urls', namespace='oauth2_provider')),
 ]

passbook/oauth_provider/views/oauth2.py

@@ -2,13 +2,12 @@
 from logging import getLogger
 from urllib.parse import urlencode
 
-from django.http import Http404
+from django.shortcuts import get_object_or_404, redirect, reverse
-from django.shortcuts import get_object_or_404, reverse
 from django.utils.translation import ugettext as _
 from oauth2_provider.views.base import AuthorizationView
 
 from passbook.core.views.access import AccessMixin
-from passbook.core.views.utils import LoadingView
+from passbook.core.views.utils import LoadingView, PermissionDeniedView
 from passbook.oauth_provider.models import OAuth2Provider
 
 LOGGER = getLogger(__name__)
@@ -23,6 +22,11 @@ class PassbookAuthorizationLoadingView(LoadingView):
         querystring = urlencode(self.request.GET)
         return reverse('passbook_oauth_provider:oauth2-ok-authorize')+'?'+querystring
 
+
+class OAuthPermissionDenied(PermissionDeniedView):
+    """Show permission denied view"""
+
+
 class PassbookAuthorizationView(AccessMixin, AuthorizationView):
     """Custom OAuth2 Authorization View which checks rules, etc"""
 
@@ -40,8 +44,7 @@ class PassbookAuthorizationView(AccessMixin, AuthorizationView):
         self._application = application
         # Check permissions
         if not self.user_has_access(self._application, request.user):
-            # TODO: Create a general error class for access denied
+            return redirect(reverse('passbook_oauth_provider:oauth2-permission-denied'))
-            raise Http404
         actual_response = super().dispatch(request, *args, **kwargs)
         if actual_response.status_code == 400:
             LOGGER.debug(request.GET.get('redirect_uri'))