From d519350790919d5d17e963eeb1aada0c4fc91cb3 Mon Sep 17 00:00:00 2001
From: yshepilov
Date: Thu, 27 Jul 2023 21:22:25 +0200
Subject: [PATCH] #654 made oauth failure to logout user for any oauth (not only keycloak)
---
 src/auth/auth_abstract_oauth.py | 12 ++++++++----
 src/auth/auth_keycloak_openid.py | 10 +---------
 src/web/script_config_socket.py | 2 +-
 3 files changed, 10 insertions(+), 14 deletions(-)
diff --git a/src/auth/auth_abstract_oauth.py b/src/auth/auth_abstract_oauth.py
index 95e8df51..c137f8eb 100644
--- a/src/auth/auth_abstract_oauth.py
+++ b/src/auth/auth_abstract_oauth.py
@@ -13,6 +13,7 @@
 import tornado
 import tornado.ioloop
 from tornado import httpclient, escape
+from tornado.httpclient import HTTPClientError
 from auth import auth_base
 from auth.auth_base import AuthFailureError, AuthBadRequestException, AuthRejectedError
@@ -266,10 +267,13 @@ async def _do_update_user_auth_async(self, username, user_state, access_token):
 try:
 user_info = await self.fetch_user_info(access_token) # type: _OauthUserInfo
- except AuthRejectedError:
- LOGGER.info(f'User {username} is not authenticated anymore. Logging out')
- self._remove_user(username)
- return
+ except (AuthRejectedError, HTTPClientError) as e:
+ if (not isinstance(e, HTTPClientError)) or (e.code == 401):
+ LOGGER.info(f'User {username} is not authenticated anymore. Logging out')
+ self._remove_user(username)
+ return
+ else:
+ raise e
 if (not user_info) or (not user_info.username):
 LOGGER.error('Failed to fetch user info: %s', str(user_info))
diff --git a/src/auth/auth_keycloak_openid.py b/src/auth/auth_keycloak_openid.py
index fe4b1fcf..7aae259a 100644
--- a/src/auth/auth_keycloak_openid.py
+++ b/src/auth/auth_keycloak_openid.py
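Review bot: In `_do_update_user_auth_async` (src/auth/auth_abstract_oauth.py), the logout path is keyed on HTTP 401 only, and every other `HTTPClientError` is re-raised. Whether a provider that answers a revoked or expired token with 400 or 403 still has its session removed depends on the caller, which is outside this hunk; if the exception is only logged there, the user would stay logged in on a token the provider no longer accepts. A comment on the except clause naming which status codes count as "token rejected", and what happens to the session on any other failure, would make that fail-open or fail-closed choice explicit. The combined clause is also hard to read: a guard of `if isinstance(e, HTTPClientError) and e.code != 401:` followed by a bare `raise`, with the logout lines after it, expresses the same logic without the nested `else`. The function body starts and ends outside the hunk.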
@@ -1,10 +1,8 @@
 import logging
 from tornado import escape
-from tornado.httpclient import HTTPClientError
 from auth.auth_abstract_oauth import AbstractOauthAuthenticator, _OauthUserInfo
-from auth.auth_base import AuthRejectedError
 from model import model_helper
 LOGGER = logging.getLogger('script_server.GoogleOauthAuthorizer')
@@ -33,13 +31,7 @@ async def fetch_user_info(self, access_token) -> _OauthUserInfo:
 self._realm_url + 'protocol/openid-connect/userinfo',
 headers={'Authorization': 'Bearer ' + access_token})
- try:
- user_response = await user_future
- except HTTPClientError as e:
- if e.code == 401:
- raise AuthRejectedError('Failed to fetch user info')
- else:
- raise e
+ user_response = await user_future
 if not user_response:
 raise Exception('No response during loading userinfo')
diff --git a/src/web/script_config_socket.py b/src/web/script_config_socket.py
index 691a5058..de26665f 100644
--- a/src/web/script_config_socket.py
+++ b/src/web/script_config_socket.py
@@ -197,7 +197,7 @@ def load_model():
 self.close(code=CorruptConfigFileException.HTTP_CODE, reason=str(e))
 return None
 except Exception:
- message = 'Failed to load script config ' + config_name
+ message = 'Failed to load script config ' + str(config_name)
 LOGGER.exception(message)
 self.close(code=500, reason=message)
 return None
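Review bot: In `fetch_user_info` (src/auth/auth_keycloak_openid.py), a 401 from the userinfo endpoint now leaves the method as a raw `HTTPClientError` instead of `AuthRejectedError`. The periodic refresh in auth_abstract_oauth.py is updated for that in this commit, but any other caller that relied on `AuthRejectedError` will now see a different exception type; the initial login path would be one such caller if it uses this method, which is not visible here. Those callers are worth checking. A docstring would also help: `"""Load user info; HTTPClientError propagates, and the caller treats a 401 as a rejected token."""`. The method body continues outside the hunk.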
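Review bot: In `load_model` (src/web/script_config_socket.py), `message` embeds `config_name` unmodified and is both written to the log and returned to the client as the WebSocket close reason. If `config_name` comes from the request (its origin is outside this hunk), control characters in it would reach the log line; `LOGGER.exception('Failed to load script config %r', config_name)` avoids that. The need for `str()` suggests `config_name` can be `None` at this point, so an earlier check that rejects a missing name would be cleaner than formatting it into the error text. The enclosing function starts outside the hunk.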