

Merge pull request #774 from JohnL17/add_key_error_exception
fix(OIDC): raise a 401 if user is not logged in
open-dynaMIX authored Nov 4, 2019
2 parents dfba2b2 + 1b5851c commit a84ea08
Showing 2 changed files with 17 additions and 0 deletions.
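--- a/caluma/user/tests/test_views.py
+++ b/caluma/user/tests/test_views.py
@@ -78,3 +78,17 @@ def test_authentication_view_improperly_configured(rf, settings):
 request = rf.get("/graphql", HTTP_AUTHORIZATION="Bearer Token")
 with pytest.raises(ImproperlyConfigured):
 views.AuthenticationGraphQLView.as_view()(request)
+
+
+def test_no_client_id(rf, requests_mock, settings):
+cache.clear()
+authentication_header = "Bearer Token"
+userinfo = {"sub": "1"}
+requests_mock.get(
+settings.OIDC_USERINFO_ENDPOINT, text=json.dumps(userinfo), status_code=401
+)
+requests_mock.post(settings.OIDC_INTROSPECT_ENDPOINT, text=json.dumps(userinfo))
+
+request = rf.get("/graphql", HTTP_AUTHORIZATION=authentication_header)
+response = views.AuthenticationGraphQLView.as_view()(request)
+assert response.status_code == status.HTTP_401_UNAUTHORIZED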
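Review bot: `test_no_client_id` asserts only the final status code, so it cannot tell whether the 401 came from the new missing-`client_id` branch in `get_user` or from the mocked userinfo endpoint's own 401 registered a few lines earlier; adding `assert requests_mock.call_count == 2` after the view call would pin that the introspection endpoint was actually consulted, assuming the view issues exactly the userinfo request followed by the introspection request. The same dict is registered as both the userinfo body and the introspection body under the name `userinfo`; since the assertion is about the introspection result, naming it `introspection = {"sub": "1"}` would make the intent read directly. Leaving the `sub` claim in place is useful because it documents that `sub` alone is not enough, but a one-line comment such as `# an introspection result without client_id must not be treated as a logged-in user` would make that explicit.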
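--- a/caluma/user/views.py
+++ b/caluma/user/views.py
@@ -105,6 +105,9 @@ def get_user(self, request):
 introspect_method,
 timeout=settings.OIDC_BEARER_TOKEN_REVALIDATION_TIME,
 )
+if "client_id" not in introspection:
+response = HttpResponse(status=401)
+raise HttpError(response)
 return models.OIDCClient(token, introspection)
 else:
 raise e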
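Review bot: The new guard at `if "client_id" not in introspection:` treats the absence of an optional claim as "not logged in"; if this dict is an RFC 7662 introspection response, the authoritative signal is the required `active` boolean, which an inactive-token response carries while omitting most other claims, so `if not introspection.get("active") or "client_id" not in introspection:` would make the rejection rest on the field the spec guarantees rather than on one it may omit for active tokens too. The 401 is also built without a `WWW-Authenticate` header, which a bearer-token rejection is expected to carry; `response = HttpResponse(status=401)` could be followed by `response["WWW-Authenticate"] = "Bearer"`. The enclosing `get_user` body and the `else: raise e` branch the new lines sit in start and end outside the hunk, so it cannot be confirmed here whether the introspection result is cached under `OIDC_BEARER_TOKEN_REVALIDATION_TIME` before this check runs; if it is, a rejected token's response would presumably be cached for that period as well, which deserves a short comment above the guard.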
