# HG changeset patch
# User Marcin Kuzminski <marcin@rhodecode.com>
# Date 2017-01-12 22:17:19
# Node ID e32790fb8e32fb17b6d0bef218b322ace274fb93
# Parent  8a946991ca8faced0200e8b97b45493d9995c38a

auth: use pyramid HTTP excetion when detecting CSRF error. It helps catching this
error by our error handler and displaying it nicely to users.

diff --git a/rhodecode/lib/auth.py b/rhodecode/lib/auth.py
--- a/rhodecode/lib/auth.py
+++ b/rhodecode/lib/auth.py
@@ -35,6 +35,7 @@ import traceback
 from functools import wraps
 
 import ipaddress
+from pyramid.httpexceptions import HTTPForbidden
 from pylons import url, request
 from pylons.controllers.util import abort, redirect
 from pylons.i18n.translation import _
@@ -1159,7 +1160,7 @@ class CSRFRequired(object):
                  'REMOTE_ADDR:%s, HEADERS:%s' % (
                      request, reason, request.remote_addr, request.headers))
 
-        abort(403, detail=csrf_message)
+        raise HTTPForbidden(explanation=csrf_message)
 
 
 class LoginRequired(object):