Catch OIDC error #13078

Open
wants to merge 9 commits into
base: master
28 changes: 28 additions & 0 deletions engines/dfc_provider/spec/services/dfc_request_spec.rb
Expand Up @@ -88,5 +88,33 @@
products = graph.select { |s| s.semanticType == "dfc-b:SuppliedProduct" }
expect(products).to be_present
end

Member Author

@mkllnk I've had a go at speccing this, but in order to test that it clears the tokens, we need to set tokens first.

I've copied secret vars from Bitwarden and am able to make these requests, but the test session isn't active and results in the error "invalid_grant :: Session not active" (the exact error I'm trying to test!)

Am I doing things the long way round? Let me know if you see a better way.

Otherwise, can you please help me to refresh the session? Then hopefully the below spec will work.

Member

I wouldn't use VCR for this because the spec then depends on the state of your session. The one in Bitwarden is probably outdated. Use webmock. And you got the right error response to fill your example already.

Member Author

Thanks for the feedback. I had another go, but I can't seem to set up the right context for this case to work.

Maybe it's not worth trying to make the spec. What if we merge this without a spec, and see if it solves the errors?

context "with account tokens" do
before do
account.refresh_token = ENV.fetch("OPENID_REFRESH_TOKEN")
api.call(
"https://env-0105831.jcloud-ver-jpe.ik-server.com/api/dfc/Enterprises/test-hodmedod/SuppliedProducts"
)
expect(account.token).not_to be_nil
end

it "clears the token if authentication fails", vcr: true do
allow_any_instance_of(OpenIDConnect::Client).to receive(:access_token!).and_raise(
Rack::OAuth2::Client::Error.new(
1, { error: "invalid_grant", error_description: "session not active" }
)
)

expect {
api.call(
"https://env-0105831.jcloud-ver-jpe.ik-server.com/api/dfc/Enterprises/test-hodmedod/SuppliedProducts"
)
}.to raise_error(Rack::OAuth2::Client::Error).and change {
account.token
}.to(nil).and change {
account.refresh_token
}.to(nil)
end
end
end
end
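
Review bot: The `before` block of the "with account tokens" context reads a live credential with `ENV.fetch("OPENID_REFRESH_TOKEN")` and then makes an unstubbed `api.call`, so the example depends on the state of an external session, raises `KeyError` wherever the variable is unset, and with `vcr: true` risks recording the token exchange into a cassette. Assign fixed dummy values to `account.token` and `account.refresh_token` in the setup instead, and move `expect(account.token).not_to be_nil` out of `before`, since an assertion there fails as a setup error rather than as the example. In the example itself, `Rack::OAuth2::Client::Error.new(1, ...)` passes 1 as the status and "session not active" in lower case; a 400 status with the description spelled as in the error quoted in the discussion ("Session not active") would mirror the real failure more closely, whether through this stub or through a WebMock stub of the token endpoint.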
