Posted to commits@airavata.apache.org by ma...@apache.org on 2020/09/22 21:07:38 UTC
[airavata-django-portal] 05/05: AIRAVATA-3346 Handle failed bearer
token authentication
This is an automated email from the ASF dual-hosted git repository.
machristie pushed a commit to branch AIRAVATA-3346-implement-remote-fs-abstraction-of-user-storage
in repository https://gitbox.apache.org/repos/asf/airavata-django-portal.git
commit c592887583ffee67a59a0fbd494b03e634fcfdd1
Author: Marcus Christie <ma...@apache.org>
AuthorDate: Tue Sep 22 17:07:15 2020 -0400
AIRAVATA-3346 Handle failed bearer token authentication
---
django_airavata/apps/api/authentication.py | 3 +++
django_airavata/apps/auth/backends.py | 6 ++++++
2 files changed, 9 insertions(+)
diff --git a/django_airavata/apps/api/authentication.py b/django_airavata/apps/api/authentication.py
index acda113..fd282ba 100644
--- a/django_airavata/apps/api/authentication.py
+++ b/django_airavata/apps/api/authentication.py
@@ -14,6 +14,9 @@ class OAuthAuthentication(authentication.BaseAuthentication):
if 'HTTP_AUTHORIZATION' in request.META:
try:
user = authenticate(request=request)
+ if user is None:
+ raise exceptions.AuthenticationFailed(
+ "Token failed to authenticate")
_, token = request.META.get('HTTP_AUTHORIZATION').split()
# authz_token_middleware has already run, so must manually add
diff --git a/django_airavata/apps/auth/backends.py b/django_airavata/apps/auth/backends.py
index 4dd913d..1c9591d 100644
--- a/django_airavata/apps/auth/backends.py
+++ b/django_airavata/apps/auth/backends.py
@@ -39,6 +39,7 @@ class KeycloakBackend(object):
bearer, token = request.META.get('HTTP_AUTHORIZATION').split()
if bearer != "Bearer":
raise Exception("Unexpected Authorization header")
+ # implicitly validate token by using it to get userinfo
userinfo = self._get_userinfo_from_token(request, token)
# Token should be added as a request attribute (request.auth)
# self._process_token(request, token)
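Review bot: The new comment says the token is "implicitly" validated but does not say what that means for callers, which matters because `_get_userinfo_from_token` signals failure by raising rather than by returning `None` (see the later hunk in this file). I would make the comment explicit about the contract, e.g. `# Token validity is checked only indirectly: the userinfo request fails for an invalid or expired token and _get_userinfo_from_token raises; as far as this method shows, no local signature/audience check is performed.` The enclosing method starts above the hunk, so its own error handling around this call is not visible here.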
@@ -154,6 +155,11 @@ class KeycloakBackend(object):
oauth2_session.verify = settings.KEYCLOAK_CA_CERTFILE
userinfo = oauth2_session.get(
userinfo_url, verify=verify_ssl).json()
+ if 'error' in userinfo:
+ msg = userinfo.get('error_description')
+ if msg is None:
+ msg = f"Error fetching userinfo: {userinfo['error']}"
+ raise Exception(msg)
return userinfo
def _process_token(self, request, token):
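Review bot: `raise Exception(msg)` in the new error branch is a generic exception, and Django's `authenticate()` only turns `PermissionDenied` into a `None` result, so an `error` in the userinfo body will propagate out of the backend instead of reaching the `if user is None` check added in authentication.py, unless the `try:` there (its `except` is outside that hunk) catches broadly; raising `django.core.exceptions.PermissionDenied(msg)` would route the failure through the normal not-authenticated path. The check also assumes the body is a JSON object with an `error` key; a non-2xx response with a non-JSON or list body would surface as a decode or `TypeError` instead, so I would test the status before parsing: `resp = oauth2_session.get(userinfo_url, verify=verify_ssl)` / `if not resp.ok: raise PermissionDenied(f"userinfo request failed: {resp.status_code}")` / `userinfo = resp.json()`. The `error_description` text originates from the identity provider's response and is fine for server-side logging, but should not be echoed into any message returned to the client. The enclosing `_get_userinfo_from_token` starts above the hunk.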