mirror of
				https://github.com/django/django.git
				synced 2025-10-25 22:56:12 +00:00 
			
		
		
		
	Fixed #24733 -- Passed the triggering exception to 40x error handlers
Thanks Tim Graham for the review.
This commit is contained in:
		| @@ -3,6 +3,7 @@ from __future__ import unicode_literals | |||||||
| import logging | import logging | ||||||
| import sys | import sys | ||||||
| import types | import types | ||||||
|  | import warnings | ||||||
|  |  | ||||||
| from django import http | from django import http | ||||||
| from django.conf import settings | from django.conf import settings | ||||||
| @@ -13,6 +14,7 @@ from django.core.exceptions import ( | |||||||
| from django.db import connections, transaction | from django.db import connections, transaction | ||||||
| from django.http.multipartparser import MultiPartParserError | from django.http.multipartparser import MultiPartParserError | ||||||
| from django.utils import six | from django.utils import six | ||||||
|  | from django.utils.deprecation import RemovedInDjango21Warning | ||||||
| from django.utils.encoding import force_text | from django.utils.encoding import force_text | ||||||
| from django.utils.module_loading import import_string | from django.utils.module_loading import import_string | ||||||
| from django.views import debug | from django.views import debug | ||||||
| @@ -80,9 +82,20 @@ class BaseHandler(object): | |||||||
|                 view = transaction.atomic(using=db.alias)(view) |                 view = transaction.atomic(using=db.alias)(view) | ||||||
|         return view |         return view | ||||||
|  |  | ||||||
|     def get_exception_response(self, request, resolver, status_code): |     def get_exception_response(self, request, resolver, status_code, exception): | ||||||
|         try: |         try: | ||||||
|             callback, param_dict = resolver.resolve_error_handler(status_code) |             callback, param_dict = resolver.resolve_error_handler(status_code) | ||||||
|  |             # Unfortunately, inspect.getargspec result is not trustable enough | ||||||
|  |             # depending on the callback wrapping in decorators (frequent for handlers). | ||||||
|  |             # Falling back on try/except: | ||||||
|  |             try: | ||||||
|  |                 response = callback(request, **dict(param_dict, exception=exception)) | ||||||
|  |             except TypeError: | ||||||
|  |                 warnings.warn( | ||||||
|  |                     "Error handlers should accept an exception parameter. Update " | ||||||
|  |                     "your code as this parameter will be required in Django 2.1", | ||||||
|  |                     RemovedInDjango21Warning, stacklevel=2 | ||||||
|  |                 ) | ||||||
|                 response = callback(request, **param_dict) |                 response = callback(request, **param_dict) | ||||||
|         except: |         except: | ||||||
|             signals.got_request_exception.send(sender=self.__class__, request=request) |             signals.got_request_exception.send(sender=self.__class__, request=request) | ||||||
| @@ -171,25 +184,25 @@ class BaseHandler(object): | |||||||
|             if settings.DEBUG: |             if settings.DEBUG: | ||||||
|                 response = debug.technical_404_response(request, exc) |                 response = debug.technical_404_response(request, exc) | ||||||
|             else: |             else: | ||||||
|                 response = self.get_exception_response(request, resolver, 404) |                 response = self.get_exception_response(request, resolver, 404, exc) | ||||||
|  |  | ||||||
|         except PermissionDenied: |         except PermissionDenied as exc: | ||||||
|             logger.warning( |             logger.warning( | ||||||
|                 'Forbidden (Permission denied): %s', request.path, |                 'Forbidden (Permission denied): %s', request.path, | ||||||
|                 extra={ |                 extra={ | ||||||
|                     'status_code': 403, |                     'status_code': 403, | ||||||
|                     'request': request |                     'request': request | ||||||
|                 }) |                 }) | ||||||
|             response = self.get_exception_response(request, resolver, 403) |             response = self.get_exception_response(request, resolver, 403, exc) | ||||||
|  |  | ||||||
|         except MultiPartParserError: |         except MultiPartParserError as exc: | ||||||
|             logger.warning( |             logger.warning( | ||||||
|                 'Bad request (Unable to parse request body): %s', request.path, |                 'Bad request (Unable to parse request body): %s', request.path, | ||||||
|                 extra={ |                 extra={ | ||||||
|                     'status_code': 400, |                     'status_code': 400, | ||||||
|                     'request': request |                     'request': request | ||||||
|                 }) |                 }) | ||||||
|             response = self.get_exception_response(request, resolver, 400) |             response = self.get_exception_response(request, resolver, 400, exc) | ||||||
|  |  | ||||||
|         except SuspiciousOperation as exc: |         except SuspiciousOperation as exc: | ||||||
|             # The request logger receives events for any problematic request |             # The request logger receives events for any problematic request | ||||||
| @@ -205,7 +218,7 @@ class BaseHandler(object): | |||||||
|             if settings.DEBUG: |             if settings.DEBUG: | ||||||
|                 return debug.technical_500_response(request, *sys.exc_info(), status_code=400) |                 return debug.technical_500_response(request, *sys.exc_info(), status_code=400) | ||||||
|  |  | ||||||
|             response = self.get_exception_response(request, resolver, 400) |             response = self.get_exception_response(request, resolver, 400, exc) | ||||||
|  |  | ||||||
|         except SystemExit: |         except SystemExit: | ||||||
|             # Allow sys.exit() to actually exit. See tickets #1023 and #4701 |             # Allow sys.exit() to actually exit. See tickets #1023 and #4701 | ||||||
|   | |||||||
| @@ -1,5 +1,7 @@ | |||||||
| from django import http | from django import http | ||||||
| from django.template import Context, Engine, TemplateDoesNotExist, loader | from django.template import Context, Engine, TemplateDoesNotExist, loader | ||||||
|  | from django.utils import six | ||||||
|  | from django.utils.encoding import force_text | ||||||
| from django.views.decorators.csrf import requires_csrf_token | from django.views.decorators.csrf import requires_csrf_token | ||||||
|  |  | ||||||
|  |  | ||||||
| @@ -7,7 +9,7 @@ from django.views.decorators.csrf import requires_csrf_token | |||||||
| # therefore need @requires_csrf_token in case the template needs | # therefore need @requires_csrf_token in case the template needs | ||||||
| # {% csrf_token %}. | # {% csrf_token %}. | ||||||
| @requires_csrf_token | @requires_csrf_token | ||||||
| def page_not_found(request, template_name='404.html'): | def page_not_found(request, exception, template_name='404.html'): | ||||||
|     """ |     """ | ||||||
|     Default 404 handler. |     Default 404 handler. | ||||||
|  |  | ||||||
| @@ -15,8 +17,24 @@ def page_not_found(request, template_name='404.html'): | |||||||
|     Context: |     Context: | ||||||
|         request_path |         request_path | ||||||
|             The path of the requested URL (e.g., '/app/pages/bad_page/') |             The path of the requested URL (e.g., '/app/pages/bad_page/') | ||||||
|  |         exception | ||||||
|  |             The message from the exception which triggered the 404 (if one was | ||||||
|  |             supplied), or the exception class name | ||||||
|     """ |     """ | ||||||
|     context = {'request_path': request.path} |     exception_repr = exception.__class__.__name__ | ||||||
|  |     # Try to get an "interesting" exception message, if any (and not the ugly | ||||||
|  |     # Resolver404 dictionary) | ||||||
|  |     try: | ||||||
|  |         message = exception.args[0] | ||||||
|  |     except (AttributeError, IndexError): | ||||||
|  |         pass | ||||||
|  |     else: | ||||||
|  |         if isinstance(message, six.text_type): | ||||||
|  |             exception_repr = message | ||||||
|  |     context = { | ||||||
|  |         'request_path': request.path, | ||||||
|  |         'exception': exception_repr, | ||||||
|  |     } | ||||||
|     try: |     try: | ||||||
|         template = loader.get_template(template_name) |         template = loader.get_template(template_name) | ||||||
|         body = template.render(context, request) |         body = template.render(context, request) | ||||||
| @@ -46,7 +64,7 @@ def server_error(request, template_name='500.html'): | |||||||
|  |  | ||||||
|  |  | ||||||
| @requires_csrf_token | @requires_csrf_token | ||||||
| def bad_request(request, template_name='400.html'): | def bad_request(request, exception, template_name='400.html'): | ||||||
|     """ |     """ | ||||||
|     400 error handler. |     400 error handler. | ||||||
|  |  | ||||||
| @@ -57,6 +75,7 @@ def bad_request(request, template_name='400.html'): | |||||||
|         template = loader.get_template(template_name) |         template = loader.get_template(template_name) | ||||||
|     except TemplateDoesNotExist: |     except TemplateDoesNotExist: | ||||||
|         return http.HttpResponseBadRequest('<h1>Bad Request (400)</h1>', content_type='text/html') |         return http.HttpResponseBadRequest('<h1>Bad Request (400)</h1>', content_type='text/html') | ||||||
|  |     # No exception content is passed to the template, to not disclose any sensitive information. | ||||||
|     return http.HttpResponseBadRequest(template.render()) |     return http.HttpResponseBadRequest(template.render()) | ||||||
|  |  | ||||||
|  |  | ||||||
| @@ -64,7 +83,7 @@ def bad_request(request, template_name='400.html'): | |||||||
| # therefore need @requires_csrf_token in case the template needs | # therefore need @requires_csrf_token in case the template needs | ||||||
| # {% csrf_token %}. | # {% csrf_token %}. | ||||||
| @requires_csrf_token | @requires_csrf_token | ||||||
| def permission_denied(request, template_name='403.html'): | def permission_denied(request, exception, template_name='403.html'): | ||||||
|     """ |     """ | ||||||
|     Permission denied (403) handler. |     Permission denied (403) handler. | ||||||
|  |  | ||||||
| @@ -78,4 +97,6 @@ def permission_denied(request, template_name='403.html'): | |||||||
|         template = loader.get_template(template_name) |         template = loader.get_template(template_name) | ||||||
|     except TemplateDoesNotExist: |     except TemplateDoesNotExist: | ||||||
|         return http.HttpResponseForbidden('<h1>403 Forbidden</h1>', content_type='text/html') |         return http.HttpResponseForbidden('<h1>403 Forbidden</h1>', content_type='text/html') | ||||||
|     return http.HttpResponseForbidden(template.render(request=request)) |     return http.HttpResponseForbidden( | ||||||
|  |         template.render(request=request, context={'exception': force_text(exception)}) | ||||||
|  |     ) | ||||||
|   | |||||||
| @@ -58,6 +58,9 @@ details on these changes. | |||||||
| * The ``django.template.loaders.base.Loader.__call__()`` method will be | * The ``django.template.loaders.base.Loader.__call__()`` method will be | ||||||
|   removed. |   removed. | ||||||
|  |  | ||||||
|  | * Support for custom error views with a single positional parameter will be | ||||||
|  |   dropped. | ||||||
|  |  | ||||||
| .. _deprecation-removed-in-2.0: | .. _deprecation-removed-in-2.0: | ||||||
|  |  | ||||||
| 2.0 | 2.0 | ||||||
|   | |||||||
| @@ -61,7 +61,7 @@ these with your own custom views, see :ref:`customizing-error-views`. | |||||||
| The 404 (page not found) view | The 404 (page not found) view | ||||||
| ----------------------------- | ----------------------------- | ||||||
|  |  | ||||||
| .. function:: defaults.page_not_found(request, template_name='404.html') | .. function:: defaults.page_not_found(request, exception, template_name='404.html') | ||||||
|  |  | ||||||
| When you raise :exc:`~django.http.Http404` from within a view, Django loads a | When you raise :exc:`~django.http.Http404` from within a view, Django loads a | ||||||
| special view devoted to handling 404 errors. By default, it's the view | special view devoted to handling 404 errors. By default, it's the view | ||||||
| @@ -69,8 +69,10 @@ special view devoted to handling 404 errors. By default, it's the view | |||||||
| simple "Not Found" message or loads and renders the template ``404.html`` if | simple "Not Found" message or loads and renders the template ``404.html`` if | ||||||
| you created it in your root template directory. | you created it in your root template directory. | ||||||
|  |  | ||||||
| The default 404 view will pass one variable to the template: ``request_path``, | The default 404 view will pass two variables to the template: ``request_path``, | ||||||
| which is the URL that resulted in the error. | which is the URL that resulted in the error, and ``exception``, which is a | ||||||
|  | useful representation of the exception that triggered the view (e.g. containing | ||||||
|  | any message passed to a specific ``Http404`` instance). | ||||||
|  |  | ||||||
| Three things to note about 404 views: | Three things to note about 404 views: | ||||||
|  |  | ||||||
| @@ -85,6 +87,12 @@ Three things to note about 404 views: | |||||||
|   your 404 view will never be used, and your URLconf will be displayed |   your 404 view will never be used, and your URLconf will be displayed | ||||||
|   instead, with some debug information. |   instead, with some debug information. | ||||||
|  |  | ||||||
|  | .. versionchanged:: 1.9 | ||||||
|  |  | ||||||
|  |     The signature of ``page_not_found()`` changed. The function now accepts a | ||||||
|  |     second parameter, the exception that triggered the error. A useful | ||||||
|  |     representation of the exception is also passed in the template context. | ||||||
|  |  | ||||||
| .. _http_internal_server_error_view: | .. _http_internal_server_error_view: | ||||||
|  |  | ||||||
| The 500 (server error) view | The 500 (server error) view | ||||||
| @@ -110,7 +118,7 @@ instead, with some debug information. | |||||||
| The 403 (HTTP Forbidden) view | The 403 (HTTP Forbidden) view | ||||||
| ----------------------------- | ----------------------------- | ||||||
|  |  | ||||||
| .. function:: defaults.permission_denied(request, template_name='403.html') | .. function:: defaults.permission_denied(request, exception, template_name='403.html') | ||||||
|  |  | ||||||
| In the same vein as the 404 and 500 views, Django has a view to handle 403 | In the same vein as the 404 and 500 views, Django has a view to handle 403 | ||||||
| Forbidden errors. If a view results in a 403 exception then Django will, by | Forbidden errors. If a view results in a 403 exception then Django will, by | ||||||
| @@ -118,7 +126,9 @@ default, call the view ``django.views.defaults.permission_denied``. | |||||||
|  |  | ||||||
| This view loads and renders the template ``403.html`` in your root template | This view loads and renders the template ``403.html`` in your root template | ||||||
| directory, or if this file does not exist, instead serves the text | directory, or if this file does not exist, instead serves the text | ||||||
| "403 Forbidden", as per :rfc:`2616` (the HTTP 1.1 Specification). | "403 Forbidden", as per :rfc:`2616` (the HTTP 1.1 Specification). The template | ||||||
|  | context contains ``exception``, which is the unicode representation of the | ||||||
|  | exception that triggered the view. | ||||||
|  |  | ||||||
| ``django.views.defaults.permission_denied`` is triggered by a | ``django.views.defaults.permission_denied`` is triggered by a | ||||||
| :exc:`~django.core.exceptions.PermissionDenied` exception. To deny access in a | :exc:`~django.core.exceptions.PermissionDenied` exception. To deny access in a | ||||||
| @@ -131,12 +141,19 @@ view you can use code like this:: | |||||||
|             raise PermissionDenied |             raise PermissionDenied | ||||||
|         # ... |         # ... | ||||||
|  |  | ||||||
|  | .. versionchanged:: 1.9 | ||||||
|  |  | ||||||
|  |     The signature of ``permission_denied()`` changed in Django 1.9. The function | ||||||
|  |     now accepts a second parameter, the exception that triggered the error. The | ||||||
|  |     unicode representation of the exception is also passed in the template | ||||||
|  |     context. | ||||||
|  |  | ||||||
| .. _http_bad_request_view: | .. _http_bad_request_view: | ||||||
|  |  | ||||||
| The 400 (bad request) view | The 400 (bad request) view | ||||||
| -------------------------- | -------------------------- | ||||||
|  |  | ||||||
| .. function:: defaults.bad_request(request, template_name='400.html') | .. function:: defaults.bad_request(request, exception, template_name='400.html') | ||||||
|  |  | ||||||
| When a :exc:`~django.core.exceptions.SuspiciousOperation` is raised in Django, | When a :exc:`~django.core.exceptions.SuspiciousOperation` is raised in Django, | ||||||
| it may be handled by a component of Django (for example resetting the session | it may be handled by a component of Django (for example resetting the session | ||||||
| @@ -145,6 +162,14 @@ data). If not specifically handled, Django will consider the current request a | |||||||
|  |  | ||||||
| ``django.views.defaults.bad_request``, is otherwise very similar to the | ``django.views.defaults.bad_request``, is otherwise very similar to the | ||||||
| ``server_error`` view, but returns with the status code 400 indicating that | ``server_error`` view, but returns with the status code 400 indicating that | ||||||
| the error condition was the result of a client operation. | the error condition was the result of a client operation. By default, nothing | ||||||
|  | related to the exception that triggered the view is passed to the template | ||||||
|  | context, as the exception message might contain sensitive information like | ||||||
|  | filesystem paths. | ||||||
|  |  | ||||||
| ``bad_request`` views are also only used when :setting:`DEBUG` is ``False``. | ``bad_request`` views are also only used when :setting:`DEBUG` is ``False``. | ||||||
|  |  | ||||||
|  | .. versionchanged:: 1.9 | ||||||
|  |  | ||||||
|  |     The signature of ``bad_request()`` changed in Django 1.9. The function | ||||||
|  |     now accepts a second parameter, the exception that triggered the error. | ||||||
|   | |||||||
| @@ -269,6 +269,9 @@ Requests and Responses | |||||||
|  |  | ||||||
| * The debug view now shows details of chained exceptions on Python 3. | * The debug view now shows details of chained exceptions on Python 3. | ||||||
|  |  | ||||||
|  | * The default 40x error views now accept a second positional parameter, the | ||||||
|  |   exception that triggered the view. | ||||||
|  |  | ||||||
| Tests | Tests | ||||||
| ^^^^^ | ^^^^^ | ||||||
|  |  | ||||||
| @@ -520,6 +523,10 @@ Miscellaneous | |||||||
|   Therefore, the ``@skipIfCustomUser`` decorator is no longer needed to |   Therefore, the ``@skipIfCustomUser`` decorator is no longer needed to | ||||||
|   decorate tests in ``django.contrib.auth``. |   decorate tests in ``django.contrib.auth``. | ||||||
|  |  | ||||||
|  | * If you customized some :ref:`error handlers <error-views>`, the view | ||||||
|  |   signatures with only one request parameter are deprecated. The views should | ||||||
|  |   now also accept a second ``exception`` positional parameter. | ||||||
|  |  | ||||||
| .. removed-features-1.9: | .. removed-features-1.9: | ||||||
|  |  | ||||||
| Features removed in 1.9 | Features removed in 1.9 | ||||||
|   | |||||||
| @@ -81,7 +81,7 @@ class DebugViewTests(LoggingCaptureMixin, TestCase): | |||||||
|         'OPTIONS': { |         'OPTIONS': { | ||||||
|             'loaders': [ |             'loaders': [ | ||||||
|                 ('django.template.loaders.locmem.Loader', { |                 ('django.template.loaders.locmem.Loader', { | ||||||
|                     '403.html': 'This is a test template for a 403 error.', |                     '403.html': 'This is a test template for a 403 error ({{ exception }}).', | ||||||
|                 }), |                 }), | ||||||
|             ], |             ], | ||||||
|         }, |         }, | ||||||
| @@ -89,6 +89,7 @@ class DebugViewTests(LoggingCaptureMixin, TestCase): | |||||||
|     def test_403_template(self): |     def test_403_template(self): | ||||||
|         response = self.client.get('/raises403/') |         response = self.client.get('/raises403/') | ||||||
|         self.assertContains(response, 'test template', status_code=403) |         self.assertContains(response, 'test template', status_code=403) | ||||||
|  |         self.assertContains(response, '(Insufficient Permissions).', status_code=403) | ||||||
|  |  | ||||||
|     def test_404(self): |     def test_404(self): | ||||||
|         response = self.client.get('/raises404/') |         response = self.client.get('/raises404/') | ||||||
|   | |||||||
| @@ -79,7 +79,8 @@ class DefaultsTests(TestCase): | |||||||
|         'OPTIONS': { |         'OPTIONS': { | ||||||
|             'loaders': [ |             'loaders': [ | ||||||
|                 ('django.template.loaders.locmem.Loader', { |                 ('django.template.loaders.locmem.Loader', { | ||||||
|                     '404.html': 'This is a test template for a 404 error.', |                     '404.html': 'This is a test template for a 404 error ' | ||||||
|  |                                 '(path: {{ request_path }}, exception: {{ exception }}).', | ||||||
|                     '500.html': 'This is a test template for a 500 error.', |                     '500.html': 'This is a test template for a 500 error.', | ||||||
|                 }), |                 }), | ||||||
|             ], |             ], | ||||||
| @@ -90,10 +91,13 @@ class DefaultsTests(TestCase): | |||||||
|         Test that 404.html and 500.html templates are picked by their respective |         Test that 404.html and 500.html templates are picked by their respective | ||||||
|         handler. |         handler. | ||||||
|         """ |         """ | ||||||
|         for code, url in ((404, '/non_existing_url/'), (500, '/server_error/')): |         response = self.client.get('/server_error/') | ||||||
|             response = self.client.get(url) |         self.assertContains(response, "test template for a 500 error", status_code=500) | ||||||
|             self.assertContains(response, "test template for a %d error" % code, |         response = self.client.get('/no_such_url/') | ||||||
|                 status_code=code) |         self.assertContains(response, 'path: /no_such_url/', status_code=404) | ||||||
|  |         self.assertContains(response, 'exception: Resolver404', status_code=404) | ||||||
|  |         response = self.client.get('/technical404/') | ||||||
|  |         self.assertContains(response, 'exception: Testing technical 404.', status_code=404) | ||||||
|  |  | ||||||
|     def test_get_absolute_url_attributes(self): |     def test_get_absolute_url_attributes(self): | ||||||
|         "A model can set attributes on the get_absolute_url method" |         "A model can set attributes on the get_absolute_url method" | ||||||
|   | |||||||
| @@ -1,4 +1,5 @@ | |||||||
| # -*- coding: utf-8 -*- | # -*- coding: utf-8 -*- | ||||||
|  | from functools import partial | ||||||
| from os import path | from os import path | ||||||
|  |  | ||||||
| from django.conf.urls import include, url | from django.conf.urls import include, url | ||||||
| @@ -57,7 +58,7 @@ urlpatterns = [ | |||||||
|     url(r'^$', views.index_page), |     url(r'^$', views.index_page), | ||||||
|  |  | ||||||
|     # Default views |     # Default views | ||||||
|     url(r'^non_existing_url/', defaults.page_not_found), |     url(r'^non_existing_url/', partial(defaults.page_not_found, exception=None)), | ||||||
|     url(r'^server_error/', defaults.server_error), |     url(r'^server_error/', defaults.server_error), | ||||||
|  |  | ||||||
|     # a view that raises an exception for the debug view |     # a view that raises an exception for the debug view | ||||||
|   | |||||||
| @@ -52,7 +52,7 @@ def raises400(request): | |||||||
|  |  | ||||||
|  |  | ||||||
| def raises403(request): | def raises403(request): | ||||||
|     raise PermissionDenied |     raise PermissionDenied("Insufficient Permissions") | ||||||
|  |  | ||||||
|  |  | ||||||
| def raises404(request): | def raises404(request): | ||||||
|   | |||||||
		Reference in New Issue
	
	Block a user