Commit d0d3c2b9 authored by Lukas Burgey's avatar Lukas Burgey

Enhance error logging in the auth backend

parent df154e47
......@@ -5,6 +5,8 @@ import logging
from urllib.error import HTTPError
import jwt
from django.contrib.auth.backends import BaseBackend
from rest_framework.authentication import BaseAuthentication
from .utils import get_session, set_session, del_session, SessionError
......@@ -14,7 +16,7 @@ from .models import OIDCConfig
LOGGER = logging.getLogger(__name__)
class OIDCTokenAuthBackend:
class OIDCTokenAuthBackend(BaseBackend):
# get_user is part of the authentication backend API
def get_user(self, user_id):
......@@ -86,13 +88,12 @@ class OIDCTokenAuthBackend:
# Idp was not provided in param / session / JWT -> just try all of them
return self._get_idp_userinfo_bruteforce(access_token)
except OIDCConfig.DoesNotExist as error:
set_session(request, 'auth_error', str(error))
raise ValueError('Unable to retrieve userinfo (bruteforce)')
except OIDCConfig.DoesNotExist:
raise ValueError('Unable determine IdP of access token. Please set the X-Issuer Header to the IdPs issuer url.')
except HTTPError as error: # raised in idp.get_userinfo
set_session(request, 'auth_error', 'HTTP when retrieving user info: {}'.format(error))
raise ValueError('Unable to retrieve userinfo')
LOGGER.error('_get_idp_userinfo: %s', error)
raise ValueError('Error retrieving userinfo from the IdP. Maybe your access token is invalidp.')
# authenticate is part of the authentication backend API
def authenticate(self, request):
......@@ -121,8 +122,15 @@ class OIDCTokenAuthBackend:
del_session(request, ['deactivated', 'auth_error'])
return user
except (ValueError, SessionError) as error: # ValueError from self._get_idp_userinfo
except SessionError as error:
LOGGER.error('authenticate: %s', error)
return None
except ValueError as error: # ValueError from self._get_idp_userinfo
LOGGER.error('_get_idp_userinfo: %s', error)
set_session(request, 'msg', str(error))
# authentication was attempted -> raise
return None
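Review bot: In the `except ValueError` branch of `authenticate`, the comment `# authentication was attempted -> raise` is followed by `return None`, so a rejected access token looks to Django like "this backend does not apply" and the remaining entries in `AUTHENTICATION_BACKENDS` are still tried. If failing closed is what the comment intends, replace the return with `raise PermissionDenied(str(error))` (from `django.core.exceptions`); otherwise reword the comment to say that falling through is deliberate. The log prefix `'_get_idp_userinfo: %s'` in the same branch attributes every `ValueError` raised in the `try` body to that helper, which can mislead triage if other calls there raise it; `'authenticate: %s'`, as in the `SessionError` branch, would be accurate. Because `str(error)` is copied into the session under `'msg'` and is presumably displayed, confirm that only the two fixed messages can reach it, and fix their typos (`invalidp.`, `Unable determine`). The bodies of `_get_idp_userinfo` and `authenticate` start outside the visible hunks.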