#654 made oauth failure to logout user for any oauth (not only keycloak)

bugy · Jul 27, 2023 · d519350 · d519350
1 parent 1940e9e
commit d519350
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 14 deletions.
diff --git a/src/auth/auth_abstract_oauth.py b/src/auth/auth_abstract_oauth.py
@@ -13,6 +13,7 @@
 import tornado
 import tornado.ioloop
 from tornado import httpclient, escape
+from tornado.httpclient import HTTPClientError
 
 from auth import auth_base
 from auth.auth_base import AuthFailureError, AuthBadRequestException, AuthRejectedError
@@ -266,10 +267,13 @@ async def _do_update_user_auth_async(self, username, user_state, access_token):
 
             try:
                 user_info = await self.fetch_user_info(access_token)  # type: _OauthUserInfo
-            except AuthRejectedError:
-                LOGGER.info(f'User {username} is not authenticated anymore. Logging out')
-                self._remove_user(username)
-                return
+            except (AuthRejectedError, HTTPClientError) as e:
+                if (not isinstance(e, HTTPClientError)) or (e.code == 401):
+                    LOGGER.info(f'User {username} is not authenticated anymore. Logging out')
+                    self._remove_user(username)
+                    return
+                else:
+                    raise e
 
             if (not user_info) or (not user_info.username):
                 LOGGER.error('Failed to fetch user info: %s', str(user_info))

diff --git a/src/auth/auth_keycloak_openid.py b/src/auth/auth_keycloak_openid.py
@@ -1,10 +1,8 @@
 import logging
 
 from tornado import escape
-from tornado.httpclient import HTTPClientError
 
 from auth.auth_abstract_oauth import AbstractOauthAuthenticator, _OauthUserInfo
-from auth.auth_base import AuthRejectedError
 from model import model_helper
 
 LOGGER = logging.getLogger('script_server.GoogleOauthAuthorizer')
@@ -33,13 +31,7 @@ async def fetch_user_info(self, access_token) -> _OauthUserInfo:
             self._realm_url + 'protocol/openid-connect/userinfo',
             headers={'Authorization': 'Bearer ' + access_token})
 
-        try:
-            user_response = await user_future
-        except HTTPClientError as e:
-            if e.code == 401:
-                raise AuthRejectedError('Failed to fetch user info')
-            else:
-                raise e
+        user_response = await user_future
 
         if not user_response:
             raise Exception('No response during loading userinfo')

diff --git a/src/web/script_config_socket.py b/src/web/script_config_socket.py
@@ -197,7 +197,7 @@ def load_model():
             self.close(code=CorruptConfigFileException.HTTP_CODE, reason=str(e))
             return None
         except Exception:
-            message = 'Failed to load script config ' + config_name
+            message = 'Failed to load script config ' + str(config_name)
             LOGGER.exception(message)
             self.close(code=500, reason=message)
             return None