Raise HTTPException on resource server error

2025-02-05 02:13:09 +01:00 · 2025-02-05 02:13:09 +01:00 · b86ae4eb11
commit b86ae4eb11
parent 3dc14ae57b
5 changed files with 36 additions and 19 deletions
--- a/src/oidc_test/auth_utils.py
+++ b/src/oidc_test/auth_utils.py
@ -37,6 +37,7 @@ async def fetch_token(name, request):

 async def update_token(name, token, refresh_token=None, access_token=None):
    breakpoint()
+    item = await db.get_token(token["id_token"])
    if refresh_token:
        item = OAuth2Token.find(name=name, refresh_token=refresh_token)
    elif access_token:
--- a/src/oidc_test/resource_server.py
+++ b/src/oidc_test/resource_server.py
@ -3,6 +3,8 @@ import logging

 from httpx import AsyncClient
 from jwt.exceptions import ExpiredSignatureError, InvalidTokenError
+from fastapi import HTTPException, status
+from starlette.status import HTTP_401_UNAUTHORIZED

 from .models import User

@ -29,14 +31,17 @@ async def get_resource(resource_id: str, user: User) -> dict:
        else:
            ## For the showcase, giving a explanation.
            ## Alternatively, raise HTTP_401_UNAUTHORIZED
-            resp["sorry"] = (
+            raise HTTPException(
+                status.HTTP_401_UNAUTHORIZED,
                f"No scope {required_scope} in the access token "
-                + "but it is required for accessing this resource."
+                + "but it is required for accessing this resource.",
            )
    except ExpiredSignatureError:
-        resp["sorry"] = "The token's signature has expired"
+        raise HTTPException(
+            status.HTTP_401_UNAUTHORIZED, "The token's signature has expired"
+        )
    except InvalidTokenError:
-        resp["sorry"] = "The token is invalid"
+        raise HTTPException(status.HTTP_401_UNAUTHORIZED, "The token is invalid")
    return resp


@ -53,7 +58,9 @@ async def process(user, resource_id, resp):
            bs = await client.get("https://corporatebs-generator.sameerkumar.website/")
            resp["bs"] = bs.json().get("phrase", "Sorry, i am out of BS today.")
    else:
-        resp["sorry"] = f"I don't known how to give '{resource_id}'."
+        raise HTTPException(
+            status.HTTP_401_UNAUTHORIZED, f"I don't known how to give '{resource_id}'."
+        )


 # assert user.oidc_provider is not None
--- a/src/oidc_test/static/styles.css
+++ b/src/oidc_test/static/styles.css
@ -73,6 +73,7 @@ hr {
 }
 .debug-auth p {
  border-bottom: 1px solid black;
+  text-align: left;
 }
 .debug-auth ul {
  padding: 0;
@ -188,9 +189,8 @@ hr {
  gap: 0.5em;
 }

-.resource {
+.resourceResult {
  padding: 0.5em;
-  display: flex;
  gap: 0.5em;
  flex-direction: column;
  width: fit-content;
--- a/src/oidc_test/static/utils.js
+++ b/src/oidc_test/static/utils.js
@ -20,6 +20,8 @@ function checkPerms(className) {

 async function get_resource(id, token, authProvider) {
  //if (!keycloak.keycloak) { return }
+  const msg = document.getElementById("msg")
+  const resourceElem = document.getElementById('resource')
  const resp = await fetch("resource/" + id, {
    method: "GET",
    headers: new Headers({
@ -27,18 +29,21 @@ async function get_resource(id, token, authProvider) {
      "Authorization": `Bearer ${token}`,
      "auth_provider": authProvider,
    }),
+  }).catch(err => {
+    msg.innerHTML = "Cannot fetch resource: " + err.message
+    resourceElem.innerHTML = ""
  })
-  /*
-    resource.value = resp['data']
-    msg.value = ""
+  if (resp === undefined) {
+    return
  }
-  ).catch (
-  err => msg.value = err
-  )
-*/
  const resource = await resp.json()
-  const rootElem = document.getElementById('resource')
-  rootElem.innerHTML = ""
+  if (!resp.ok) {
+    msg.innerHTML = resource["detail"]
+    resourceElem.innerHTML = ""
+    return
+  }
+  msg.innerHTML = ""
+  resourceElem.innerHTML = ""
  Object.entries(resource).forEach(
    ([k, v]) => {
      let r = document.createElement('div')
@ -53,7 +58,7 @@ async function get_resource(id, token, authProvider) {
      }
      r.appendChild(kElem)
      r.appendChild(vElem)
-      rootElem.appendChild(r)
+      resourceElem.appendChild(r)
    }
  )
 }
--- a/src/oidc_test/templates/home.html
+++ b/src/oidc_test/templates/home.html
@ -69,7 +69,10 @@
    <button onclick="get_resource('time', '{{ user.access_token }}', '{{ oidc_provider_settings.id }}')">Time</button>
    <button onclick="get_resource('bs', '{{ user.access_token }}', '{{ oidc_provider_settings.id }}')">BS</button>
  </div>
-  <div id="resource" class="resource"></div>
+  <div class="resourceResult">
+    <div id="resource" class="resource"></div>
+    <div id="msg" class="msg error"></div>
+  </div>
  <hr>
  {% endif %}
  <div class="content">
@ -96,6 +99,7 @@
        {% endfor %}
      </div>
    {% endif %}
+  </div>
  {% if user_info_details %}
    <hr>
    <div class="debug-auth">
@ -103,7 +107,7 @@
      <ul>
        {% for key, value in user_info_details.items() %}
        <li>
-          <span class="key">{{ key }}</span>: {{ value }}
+          <span class="key">{{ key }}</span>: <span class="value">{{ value }}</span>
        </li>
        {% endfor %}
      </ul>