0001-auth_oidc-report-token-endpoint-errors-to-user-and-i.patch
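--- a/src/authentic2_auth_oidc/views.py
+++ b/src/authentic2_auth_oidc/views.py
@@ -207,6 +207,50 @@
 timeout=10,
 )
 response.raise_for_status()
+except requests.HTTPError as e:
+status_code = e.response.status_code
+try:
+content = response.json()
+except ValueError:
+content = response.content[:1024]
+if isinstance(content, dict):
+error = content.get('error')
+error_description = content.get('error_description')
+else:
+error = None
+error_description = None
+logger.warning(
+'auth_oidc: token_endpoint returned HTTP error status '
+'%(status_code)s for %(issuer)s with content %(content)s'
+% {
+'issuer': provider.issuer,
+'status_code': status_code,
+'content': content,
+}
+)
+if error:
+messages.warning(
+request,
+_(
+'Authentication on %(name)s failed with error "%(error)s", report %(request_id)s to an administrator. '
+)
+% {
+'name': provider.name,
+'error': error_description or error,
+'request_id': request.request_id,
+},
+)
+else:
+messages.warning(
+request,
+_('Provider %(name)s is down, report %(request_id)s to ' 'an administrator. ')
+% {
+'name': provider.name,
+'request_id': request.request_id,
+},
+)
+return self.continue_to_next_url(request)
+
 except requests.RequestException as e:
 logger.warning(
 'auth_oidc: failed to contact the token_endpoint for %(issuer)s, %(exception)s'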
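Review bot: `error` and `error_description` are read from the token endpoint's JSON body (`content.get('error')`, `content.get('error_description')`) and placed in the user-facing message via `'error': error_description or error` with no type or length check, so the page shows whatever the provider, or anything answering in its place, chose to send. Keeping only strings and bounding them would limit that, e.g. `if not isinstance(error, str): error = None` and `'error': (error_description or error)[:200]` (200 is an arbitrary cap), with the same type check applied to `error_description`. The log call has a similar gap: only the non-JSON branch is cut to 1024 bytes, while a parsed JSON body is logged in full and may be arbitrarily large. Whether the message is HTML-escaped when rendered is not visible here, and the enclosing method starts and ends outside the hunk.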
tests/test_auth_oidc.py | ||
---|---|---|
311 | 311 |
} |
312 | 312 |
else: |
313 | 313 |
return { |
314 |
'content': json.dumps({'error': 'invalid request'}), |
|
314 |
'content': json.dumps( |
|
315 |
{ |
|
316 |
'error': 'invalid request', |
|
317 |
'error_description': 'Requête invalide', |
|
318 |
} |
|
319 |
), |
|
315 | 320 |
'headers': { |
316 | 321 |
'content-type': 'application/json', |
317 | 322 |
}, |
... | ... | |
481 | 486 | |
482 | 487 |
assert User.objects.count() == 0 |
483 | 488 | |
484 |
with utils.check_log(caplog, 'failed to contact the token_endpoint'):
|
|
489 |
with utils.check_log(caplog, "'error': 'invalid request'"):
|
|
485 | 490 |
with oidc_provider_mock(oidc_provider, oidc_provider_jwkset, code): |
486 |
response = app.get(login_callback_url(oidc_provider), params={'code': 'yyyy', 'state': state}) |
|
491 |
response = app.get( |
|
492 |
login_callback_url(oidc_provider), params={'code': 'yyyy', 'state': state} |
|
493 |
).maybe_follow() |
|
494 |
assert 'Requête invalide' in response |
|
487 | 495 |
with utils.check_log(caplog, 'invalid id_token'): |
488 | 496 |
with oidc_provider_mock(oidc_provider, oidc_provider_jwkset, code, extra_id_token={'iss': None}): |
489 | 497 |
response = app.get(login_callback_url(oidc_provider), params={'code': code, 'state': state}) |
490 |
- |
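Review bot: Only a JSON error body carrying both `error` and `error_description` is exercised by the changed assertions (`assert 'Requête invalide' in response`); the other two paths the handler adds have no assertion, namely a body that is not JSON and a JSON body without `error`, which should yield the "Provider … is down" message. Since the description comes from the remote provider, a case whose `error_description` contains markup, asserting that the page shows it escaped, would pin down that provider-supplied text cannot reach the page as HTML. The test function starts outside the hunk, so such cases may already exist elsewhere in the file.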