From 5aabac036c3e44cb4813ae002f0711e8c42d7b0f Mon Sep 17 00:00:00 2001
From: Joseph Nuthalapati <njoseph@thoughtworks.com>
Date: Wed, 8 Nov 2017 19:26:25 +0530
Subject: [PATCH] sso: Fix conflict between urls of sso and captcha

django-simple-captcha's /refresh url's regex was matching anything that ends
with the word "refresh". This was clashing with sso/refresh. Changed the regex
for captcha's url to captcha/refresh.

Signed-off-by: Joseph Nuthalapati <njoseph@thoughtworks.com>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
---
 .../includes/freedombox-single-sign-on.conf   |  2 +-
 plinth/modules/sso/urls.py                    |  6 ++----
 plinth/urls.py                                | 21 ++++++++++---------
 3 files changed, 14 insertions(+), 15 deletions(-)

diff --git a/data/etc/apache2/includes/freedombox-single-sign-on.conf b/data/etc/apache2/includes/freedombox-single-sign-on.conf
index 012838f39..1cc675b9c 100644
--- a/data/etc/apache2/includes/freedombox-single-sign-on.conf
+++ b/data/etc/apache2/includes/freedombox-single-sign-on.conf
@@ -3,7 +3,7 @@
     TKTAuthLoginURL /plinth/accounts/sso/login/
     TKTAuthBackArgName next
     TKTAuthDigest SHA512
-    TKTAuthRefreshURL /plinth/accounts/sso/refresh-pubtkt/
+    TKTAuthRefreshURL /plinth/accounts/sso/refresh/
     TKTAuthUnauthURL /plinth
     AuthType mod_auth_pubtkt
     AuthName "FreedomBox Single Sign On"
diff --git a/plinth/modules/sso/urls.py b/plinth/modules/sso/urls.py
index cb4a3c880..51360bb45 100644
--- a/plinth/modules/sso/urls.py
+++ b/plinth/modules/sso/urls.py
@@ -26,9 +26,7 @@ from plinth.utils import non_admin_view
 
 urlpatterns = [
     url(r'^accounts/sso/login/$',
-        public(SSOLoginView.as_view()),
-        name='sso-login'),
-    url(r'^accounts/sso/refresh-pubtkt/$',
-        non_admin_view(refresh),
+        public(SSOLoginView.as_view()), name='sso-login'),
+    url(r'^accounts/sso/refresh/$', non_admin_view(refresh),
         name='sso-refresh'),
 ]
diff --git a/plinth/urls.py b/plinth/urls.py
index 5af983a19..5964c8bf7 100644
--- a/plinth/urls.py
+++ b/plinth/urls.py
@@ -33,16 +33,17 @@ urlpatterns = [
     url(r'^sys/$', views.system_index, name='system'),
 
     # captcha urls are public
-    url(r'image/(?P<key>\w+)/$',
-        public(cviews.captcha_image), name='captcha-image', kwargs={
-            'scale': 1
-        }),
-    url(r'image/(?P<key>\w+)@2/$',
-        public(cviews.captcha_image), name='captcha-image-2x', kwargs={
-            'scale': 2
-        }),
-    url(r'audio/(?P<key>\w+)/$',
+    url(r'^captcha/image/(?P<key>\w+)/$',
+        public(cviews.captcha_image), name='captcha-image',
+        kwargs={'scale': 1}),
+    url(r'^captcha/image/(?P<key>\w+)@2/$',
+        public(cviews.captcha_image), name='captcha-image-2x',
+        kwargs={'scale': 2}),
+    url(r'^captcha/audio/(?P<key>\w+)/$',
         public(cviews.captcha_audio), name='captcha-audio'),
-    url(r'refresh/$', public(cviews.captcha_refresh), name='captcha-refresh'),
+    url(r'^captcha/refresh/$',
+        public(cviews.captcha_refresh), name='captcha-refresh'),
+
+    # locked url from django-axes
     url(r'locked/$', public(CaptchaLoginView.as_view()), name='locked_out'),
 ]