Page MenuHomeSoftware Heritage

deposit.auth: Fix authentication failure corner case
ClosedPublic

Authored by ardumont on Mar 23 2021, 4:01 PM.

Details

Summary

The error raised from keycloak can be less detailed than anticipated. This makes the
deposit server fails. So this commit fixes it by detailing only if it can. Delegating
such details to the newly craft swh.auth.keycloak.keycloak_error_message utility.

[1] https://sentry.softwareheritage.org/share/issue/ae84f6a49ded4adc84c3570020b527ee/

Related to T3166

Test Plan

tox

Diff Detail

Repository
rDDEP Push deposit
Branch
master
Lint
No Linters Available
Unit
No Unit Test Coverage
Build Status
Buildable 20121
Build 31246: Phabricator diff pipeline on jenkinsJenkins console · Jenkins
Build 31245: arc lint + arc unit

Event Timeline

swh/deposit/tests/conftest.py
355

Previous version was too basic.
The new test added made it appear as much.
Thus the change.

Build is green

Patch application report for D5311 (id=19046)

Rebasing onto ba44a97373...

Current branch diff-target is up to date.
Changes applied before test
commit 0ab165351514944381f0c9968c60f454d4cca2f3
Author: Antoine R. Dumont (@ardumont) <ardumont@softwareheritage.org>
Date:   Tue Mar 23 15:59:31 2021 +0100

    deposit.auth: Fix authentication corner case
    
    It can happen that the error raised from keycloak is not detailed enough. This makes the
    deposit server not too happy about it. So this commit fixes it by detailing only if it
    can.

See https://jenkins.softwareheritage.org/job/DDEP/job/tests-on-diff/594/ for more details.

Rework commit message to reference task

anlambert added a subscriber: anlambert.

Looks good to me, I think you should move the error message extraction code in swh-auth as this should be reusable in other code (swh-web for instance).

swh/deposit/auth.py
150–155

How about moving that code in an utility function in swh-auth ?

def keycloak_error_message(keycloak_error: KeycloakError) -> str:
    ...
This revision is now accepted and ready to land.Mar 23 2021, 4:07 PM

Build is green

Patch application report for D5311 (id=19047)

Rebasing onto ba44a97373...

Current branch diff-target is up to date.
Changes applied before test
commit 0d1f041a44c1586b05aafe156b8da2fc22d3ace1
Author: Antoine R. Dumont (@ardumont) <ardumont@softwareheritage.org>
Date:   Tue Mar 23 15:59:31 2021 +0100

    deposit.auth: Fix authentication corner case
    
    It can happen that the error raised from keycloak is not detailed enough. This makes the
    deposit server not too happy about it. So this commit fixes it by detailing only if it
    can.
    
    Related to T3166

See https://jenkins.softwareheritage.org/job/DDEP/job/tests-on-diff/595/ for more details.

swh/deposit/auth.py
150–155

yes, doing that now.

ardumont retitled this revision from deposit.auth: Fix authentication corner case to deposit.auth: Fix authentication failure corner case.Mar 23 2021, 5:42 PM
ardumont edited the summary of this revision. (Show Details)
ardumont marked an inline comment as not done.

Rework commit message, diff description, and implementation to reuse swh.auth.keycloak
code.

Build is green

Patch application report for D5311 (id=19060)

Rebasing onto ba44a97373...

Current branch diff-target is up to date.
Changes applied before test
commit 4140d97d13b678ce50037e388ed663c8c43d85fb
Author: Antoine R. Dumont (@ardumont) <ardumont@softwareheritage.org>
Date:   Tue Mar 23 15:59:31 2021 +0100

    deposit.auth: Fix authentication failure corner case
    
    The error raised from keycloak can be less detailed than anticipated [1]. This makes the
    deposit server fails. So this commit fixes it by detailing only if it can. Delegating
    such details to the newly crafted swh.auth.keycloak.keycloak_error_message utility.
    
    [1] https://forge.softwareheritage.org/differential/revision/edit/5311/
    
    Related to T3166

See https://jenkins.softwareheritage.org/job/DDEP/job/tests-on-diff/596/ for more details.