Page MenuHomeSoftware Heritage
Differential D5446

django/backends: Improve expired token handling
ClosedPublic
Actions

Authored by anlambert on Apr 7 2021, 6:52 PM.

Details

Reviewers
ardumont
Group Reviewers
Reviewers
Maniphest Tasks
T3121: Improve handling of expired authentication tokens
Commits
rDAUTH309118c158d9: django/backends: Improve expired token handling
Summary

I stumbled across that behavior when testing bearer tokens expiration
from swh-web API tokens Web UI (D5445).

The first time a user sends an expired token previously used to
perform authenticated Web API calls, Keycloak will return the
following error message: "Offline session not active".

Keycloak will then remove the offline session from its database
and future calls to a Web API with the expired token will
return the following error message: "Offline user session not found".

So handle that error message too for indicating a token has expired.

Related to T3121

Diff Detail

Repository
rDAUTH Common authentication libraries
Branch
drf-backend-improve-expired-token-handling
Lint
No Linters Available
Unit
No Unit Test Coverage
Build Status
Buildable 20517
Build 31845: Phabricator diff pipeline on jenkinsJenkins console · Jenkins
Build 31844: arc lint + arc unit

Event Timeline

anlambert created this revision.Apr 7 2021, 6:52 PM
Herald added a reviewer: Reviewers. · View Herald TranscriptApr 7 2021, 6:52 PM
swh-public-ci added a comment.Apr 7 2021, 6:53 PM

Build is green

Patch application report for D5446 (id=19474)

Rebasing onto d06924ed00...

Current branch diff-target is up to date.
Changes applied before test
commit 309118c158d905d1b95ef73f518015b5dc113765
Author: Antoine Lambert <antoine.lambert@inria.fr>
Date:   Wed Apr 7 18:47:56 2021 +0200

    django/backends: Improve expired token handling
    
    The first time a user sends an expired token previously used to
    perform authenticated Web API calls, Keycloak will return the
    following error message: "Offline session not active".
    
    So handle that error message too for indicating a token has expired.
    
    Related to T3121

See https://jenkins.softwareheritage.org/job/DAUTH/job/tests-on-diff/69/ for more details.

Harbormaster completed remote builds in B20517: Diff 19474.Apr 7 2021, 6:53 PM
anlambert requested review of this revision.Apr 7 2021, 6:53 PM
ardumont accepted this revision.Apr 7 2021, 7:04 PM
This revision is now accepted and ready to land.Apr 7 2021, 7:04 PM
Closed by commit rDAUTH309118c158d9: django/backends: Improve expired token handling (authored by anlambert). · Explain WhyApr 8 2021, 11:08 AM
This revision was automatically updated to reflect the committed changes.
anlambert added a commit: rDAUTH309118c158d9: django/backends: Improve expired token handling.

Revision Contents
Changeset List

PathSizeCoverage (All)Coverage (Touched)
swh/
auth/
django/
5 lines91%
Loading...
tests/
django/
34 lines100%
Loading...

Diff 19474

View Options

swh/auth/django/backends.py

Loading...
View Options

swh/auth/tests/django/test_drf_bearer_token_auth.py

Loading...
About · Developer information · Legal