111 |
111 |
if response.status_code != 200:
|
112 |
112 |
try:
|
113 |
113 |
data = response.json()
|
114 |
|
logger.warning(u'oauth2 error on access token retrieval: %r', data)
|
|
114 |
logger.error(u'oauth2 error on access token retrieval: %r', data)
|
115 |
115 |
except ValueError:
|
116 |
116 |
data = {}
|
117 |
|
logger.warning(u'oauth2 error on access token retrieval: %r', response.content)
|
|
117 |
logger.error(u'oauth2 error on access token retrieval: %r', response.content[:1024])
|
118 |
118 |
return
|
119 |
119 |
except requests.exceptions.RequestException as e:
|
120 |
|
logger.warning(u'unable to retrieve access token {}'.format(e))
|
|
120 |
logger.error(u'unable to retrieve access token {}'.format(e))
|
121 |
121 |
else:
|
122 |
122 |
try:
|
123 |
123 |
response = response.json()
|
124 |
|
logger.debug('token resolved : {}'.format(response))
|
|
124 |
logger.debug('token resolved : %s', response)
|
125 |
125 |
return response
|
126 |
126 |
except ValueError:
|
127 |
|
logger.warning(
|
128 |
|
"no JSON object can be decoded from the data received from {} : '{}'".format(
|
129 |
|
app_settings.token_url, response.content))
|
|
127 |
logger.error(
|
|
128 |
'no JSON object can be decoded from the data received from %s: %r',
|
|
129 |
app_settings.token_url, response.content[:1024])
|
130 |
130 |
|
131 |
131 |
|
132 |
132 |
def access_token_from_request(request, logger):
|
... | ... | |
216 |
216 |
data = self.oauth_session().get(url, verify=verify, allow_redirects=False, timeout=3)
|
217 |
217 |
data.raise_for_status()
|
218 |
218 |
except requests.exceptions.RequestException as e:
|
219 |
|
self.logger.warning(u'unable to retrieve ressource from {} due to {}'.format(url, e))
|
|
219 |
self.logger.error('unable to retrieve ressource from %s due to %s', url, e)
|
220 |
220 |
else:
|
221 |
221 |
try:
|
222 |
222 |
data = data.json()
|
223 |
|
self.logger.debug('ressource resolved : {}'.format(data))
|
|
223 |
self.logger.debug('ressource resolved: %s', data)
|
224 |
224 |
return data
|
225 |
225 |
except ValueError:
|
226 |
|
self.logger.warning(
|
227 |
|
"no JSON object can be decoded from the data received from {} : '{}'".format(
|
228 |
|
url, data.content))
|
|
226 |
self.logger.error(
|
|
227 |
'no JSON object can be decoded from the data received from %s: %r',
|
|
228 |
url, data.content)
|
229 |
229 |
|
230 |
230 |
def get_user_info(self):
|
231 |
231 |
return self.get_ressource(app_settings.userinfo_url + '?schema=openid',
|
... | ... | |
282 |
282 |
self.id_token, error = models.parse_id_token(
|
283 |
283 |
self.token['id_token'], client_id=app_settings.client_id, client_secret=key)
|
284 |
284 |
if not self.id_token:
|
285 |
|
self.logger.warning(u'validation of id_token failed: %s', error)
|
|
285 |
self.logger.error(u'validation of id_token failed: %s', error)
|
286 |
286 |
messages.warning(request, _('Unable to connect to FranceConnect.'))
|
287 |
287 |
return self.redirect(request)
|
288 |
288 |
nonce = self.id_token.get('nonce')
|
289 |
289 |
states = request.session.get('fc_states', {})
|
290 |
290 |
if not nonce or nonce not in states:
|
291 |
|
self.logger.warning(u'invalid nonce in id_token %s, known ones %s', nonce,
|
292 |
|
u', '.join(states.keys()))
|
|
291 |
self.logger.error(u'invalid nonce in id_token %s, known ones %s', nonce,
|
|
292 |
u', '.join(states.keys()))
|
293 |
293 |
messages.warning(request, _('Unable to connect to FranceConnect.'))
|
294 |
294 |
return self.redirect(request)
|
295 |
295 |
self.logger.debug('fc id_token %s', self.id_token)
|
... | ... | |
300 |
300 |
app_settings.client_id, token=self.token))
|
301 |
301 |
self.user_info = self.get_user_info()
|
302 |
302 |
if not self.user_info:
|
303 |
|
msg = 'userinfo resolution failed : {}'.format(self.token)
|
304 |
|
self.logger.warning(msg)
|
|
303 |
self.logger.error('userinfo resolution failed: %s', self.token)
|
305 |
304 |
messages.warning(request, _('Unable to connect to FranceConnect.'))
|
306 |
305 |
return self.redirect(request)
|
307 |
306 |
self.logger.debug('fc user_info %s', self.user_info)
|
308 |
|
-
|