error query param in reautentication

Author: dakshbhayana11811137

tests/unit/accounts/test_views.py

@@ -3423,12 +3423,14 @@ def test_reauth(self, monkeypatch, pyramid_request, pyramid_services, next_route
         pyramid_request.matched_route = pretend.stub(name=pretend.stub())
         pyramid_request.matchdict = {"foo": "bar"}
         pyramid_request.GET = pretend.stub(mixed=lambda: {"baz": "bar"})
+        pyramid_request.params = {}
 
         form_obj = pretend.stub(
             next_route=pretend.stub(data=next_route),
             next_route_matchdict=pretend.stub(data="{}"),
             next_route_query=pretend.stub(data="{}"),
             validate=lambda: True,
+            password=pretend.stub(errors=[]),
         )
         form_class = pretend.call_recorder(lambda d, **kw: form_obj)
 

tests/unit/manage/test_init.py

@@ -66,6 +66,7 @@ def test_reauth(self, monkeypatch, require_reauth, needs_reauth_calls):
             session=pretend.stub(
                 needs_reauthentication=pretend.call_recorder(lambda *args: True)
             ),
+            params={},
             user=pretend.stub(username=pretend.stub()),
             matched_route=pretend.stub(name=pretend.stub()),
             matchdict={"foo": "bar"},

warehouse/accounts/views.py

@@ -1515,7 +1515,6 @@ def profile_public_email(user, request):
 
 @view_config(
     route_name="accounts.reauthenticate",
-    renderer="re-auth.html",
     uses_session=True,
     require_csrf=True,
     require_methods=False,
@@ -1542,27 +1541,34 @@ def reauthenticate(request, _form_class=ReAuthenticateForm):
         ],
     )
 
-    if form.next_route.data and form.next_route_matchdict.data:
-        redirect_to = request.route_path(
-            form.next_route.data,
-            **json.loads(form.next_route_matchdict.data)
-            | dict(_query=json.loads(form.next_route_query.data)),
-        )
-    else:
-        redirect_to = request.route_path("manage.projects")
+    next_route = form.next_route.data or "manage.projects"
+    next_route_matchdict = json.loads(form.next_route_matchdict.data or "{}")
+    next_route_query = json.loads(form.next_route_query.data or "{}")
 
-    resp = HTTPSeeOther(redirect_to)
+    is_valid = form.validate()
 
-    if request.method == "POST" and form.validate():
+    # Ensure errors don't persist across successful validations
+    next_route_query.pop("errors", None)
+
+    if request.method == "POST" and is_valid:
         request.session.record_auth_timestamp()
         request.session.record_password_timestamp(
             user_service.get_password_timestamp(request.user.id)
         )
-        return resp
+    else:
+        # Inject password errors into query if validation failed
+        if form.password.errors:
+            next_route_query["errors"] = json.dumps({
+                "password": [str(e) for e in form.password.errors]
+            })
+
+    redirect_to = request.route_path(
+        next_route,
+        **next_route_matchdict,
+        _query=next_route_query,
+    )
 
-    return {
-        "form": form,
-    }
+    return HTTPSeeOther(redirect_to)
 
 
 @view_defaults(

warehouse/manage/__init__.py

@@ -35,7 +35,6 @@ def reauth_view(view, info):
         def wrapped(context, request):
             if request.session.needs_reauthentication(time_to_reauth):
                 user_service = request.find_service(IUserService, context=None)
-
                 form = ReAuthenticateForm(
                     request.POST,
                     request=request,
@@ -45,6 +44,17 @@ def wrapped(context, request):
                     next_route_query=json.dumps(request.GET.mixed()),
                     user_service=user_service,
                 )
+                errors_param = request.params.get("errors")
+                if errors_param:
+                    try:
+                        parsed_errors = json.loads(errors_param)
+                        for field_name, messages in parsed_errors.items():
+                            field = getattr(form, field_name, None)
+                            if field is not None and hasattr(field, "errors"):
+                                field.errors = list(messages)
+                    except (ValueError, TypeError):
+                        # log or ignore bad JSON
+                        pass
 
                 return render_to_response(
                     "re-auth.html",