0001-auth_oidc-report-token-endpoint-errors-to-user-and-i.patch
| src/authentic2_auth_oidc/views.py | ||
|---|---|---|
| 207 | 207 |
timeout=10, |
| 208 | 208 |
) |
| 209 | 209 |
response.raise_for_status() |
| 210 |
except requests.HTTPError as e: |
|
| 211 |
status_code = e.response.status_code |
|
| 212 |
try: |
|
| 213 |
content = response.json() |
|
| 214 |
except ValueError: |
|
| 215 |
content = response.content[:1024] |
|
| 216 |
if isinstance(content, dict): |
|
| 217 |
error = content.get('error')
|
|
| 218 |
error_description = content.get('error_description')
|
|
| 219 |
else: |
|
| 220 |
error = None |
|
| 221 |
error_description = None |
|
| 222 |
logger.warning( |
|
| 223 |
'auth_oidc: token_endpoint returned HTTP error status ' |
|
| 224 |
'%(status_code)s for %(issuer)s with content %(content)s' |
|
| 225 |
% {
|
|
| 226 |
'issuer': provider.issuer, |
|
| 227 |
'status_code': status_code, |
|
| 228 |
'content': content, |
|
| 229 |
} |
|
| 230 |
) |
|
| 231 |
if error: |
|
| 232 |
messages.warning( |
|
| 233 |
request, |
|
| 234 |
_( |
|
| 235 |
'Authentication on %(name)s failed with error "%(error)s", report %(request_id)s to an administrator. ' |
|
| 236 |
) |
|
| 237 |
% {
|
|
| 238 |
'name': provider.name, |
|
| 239 |
'error': error_description or error, |
|
| 240 |
'request_id': request.request_id, |
|
| 241 |
}, |
|
| 242 |
) |
|
| 243 |
else: |
|
| 244 |
messages.warning( |
|
| 245 |
request, |
|
| 246 |
_('Provider %(name)s is down, report %(request_id)s to ' 'an administrator. ')
|
|
| 247 |
% {
|
|
| 248 |
'name': provider.name, |
|
| 249 |
'request_id': request.request_id, |
|
| 250 |
}, |
|
| 251 |
) |
|
| 252 |
return self.continue_to_next_url(request) |
|
| 253 | ||
| 210 | 254 |
except requests.RequestException as e: |
| 211 | 255 |
logger.warning( |
| 212 | 256 |
'auth_oidc: failed to contact the token_endpoint for %(issuer)s, %(exception)s' |
| tests/test_auth_oidc.py | ||
|---|---|---|
| 311 | 311 |
} |
| 312 | 312 |
else: |
| 313 | 313 |
return {
|
| 314 |
'content': json.dumps({'error': 'invalid request'}),
|
|
| 314 |
'content': json.dumps( |
|
| 315 |
{
|
|
| 316 |
'error': 'invalid request', |
|
| 317 |
'error_description': 'Requête invalide', |
|
| 318 |
} |
|
| 319 |
), |
|
| 315 | 320 |
'headers': {
|
| 316 | 321 |
'content-type': 'application/json', |
| 317 | 322 |
}, |
| ... | ... | |
| 481 | 486 | |
| 482 | 487 |
assert User.objects.count() == 0 |
| 483 | 488 | |
| 484 |
with utils.check_log(caplog, 'failed to contact the token_endpoint'):
|
|
| 489 |
with utils.check_log(caplog, "'error': 'invalid request'"):
|
|
| 485 | 490 |
with oidc_provider_mock(oidc_provider, oidc_provider_jwkset, code): |
| 486 |
response = app.get(login_callback_url(oidc_provider), params={'code': 'yyyy', 'state': state})
|
|
| 491 |
response = app.get( |
|
| 492 |
login_callback_url(oidc_provider), params={'code': 'yyyy', 'state': state}
|
|
| 493 |
).maybe_follow() |
|
| 494 |
assert 'Requête invalide' in response |
|
| 487 | 495 |
with utils.check_log(caplog, 'invalid id_token'): |
| 488 | 496 |
with oidc_provider_mock(oidc_provider, oidc_provider_jwkset, code, extra_id_token={'iss': None}):
|
| 489 | 497 |
response = app.get(login_callback_url(oidc_provider), params={'code': code, 'state': state})
|
| 490 |
- |
|