From f42173d65c285d132ad7fb1e16dd65042fb5e51d Mon Sep 17 00:00:00 2001 From: Abhidnya Patil Date: Thu, 23 Apr 2020 11:47:27 -0700 Subject: [PATCH 1/4] Errors returned for foci errors --- msal/application.py | 6 +++++- tests/test_application.py | 13 +++++++++++++ 2 files changed, 18 insertions(+), 1 deletion(-) diff --git a/msal/application.py b/msal/application.py index a17d3594..fd49ea7d 100644 --- a/msal/application.py +++ b/msal/application.py @@ -633,16 +633,20 @@ def _acquire_token_silent_by_finding_rt_belongs_to_me_or_my_family( **kwargs) if at and "error" not in at: return at + last_resp = None if app_metadata.get("family_id"): # Meaning this app belongs to this family at = self._acquire_token_silent_by_finding_specific_refresh_token( authority, scopes, dict(query, family_id=app_metadata["family_id"]), **kwargs) if at and "error" not in at: return at + last_resp = at + # Either this app is an orphan, so we will naturally use its own RT; # or all attempts above have failed, so we fall back to non-foci behavior. - return self._acquire_token_silent_by_finding_specific_refresh_token( + resp = self._acquire_token_silent_by_finding_specific_refresh_token( authority, scopes, dict(query, client_id=self.client_id), **kwargs) + return resp or last_resp def _get_app_metadata(self, environment): apps = self.token_cache.find( # Use find(), rather than token_cache.get(...) diff --git a/tests/test_application.py b/tests/test_application.py index 39becd5a..65b36b34 100644 --- a/tests/test_application.py +++ b/tests/test_application.py 
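Review bot: The new `return resp or last_resp` widens what this helper can hand back, and nothing in the hunk documents it. When the own-RT fallback yields nothing, the token-endpoint error dict from the family-RT attempt now reaches the caller, so a caller that treats any truthy result as a usable token must check for `"error"` first. I would add a comment above the return, e.g. `# May return an error response (a dict containing "error") when no attempt succeeded; callers must not treat it as a token`. Only the family attempt feeds `last_resp`; the earlier attempt, whose tail is visible at the top of the hunk (`if at and "error" not in at: return at`), does not, so its error is dropped, and if that is deliberate it deserves a word too. The function starts above the hunk, and the same return is reshaped again in patches 3/4 and 4/4.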
@@ -176,6 +176,19 @@ def tester(url, data=None, **kwargs): # Will not test scenario of app leaving family. Per specs, it won't happen. + def test_preexisting_family_app_will_attempt_frt_and_return_error(self): + error_response = '{"error": "invalid_grant", "error_description": "xyz"}' + def tester(url, data=None, **kwargs): + self.assertEqual( + self.frt, data.get("refresh_token"), "Should attempt the FRT") + return MinimalResponse(status_code=400, text=error_response) + app = ClientApplication( + "preexisting_family_app", authority=self.authority_url, token_cache=self.cache) + resp = app._acquire_token_silent_by_finding_rt_belongs_to_me_or_my_family( + self.authority, self.scopes, self.account, post=tester) + logger.debug("%s.cache = %s", self.id(), self.cache.serialize()) + self.assertEqual(json.loads(error_response), resp, "Error raised will be returned") + def test_family_app_remove_account(self): logger.debug("%s.cache = %s", self.id(), self.cache.serialize()) app = ClientApplication( From 0edcafe7d4d614424f42de8ca07b32066fc60701 Mon Sep 17 00:00:00 2001 From: Abhidnya Patil Date: Thu, 23 Apr 2020 11:49:39 -0700 Subject: [PATCH 2/4] Deleting extra line --- msal/application.py | 1 - 1 file changed, 1 deletion(-) diff --git a/msal/application.py b/msal/application.py index fd49ea7d..9c8614ad 100644 --- a/msal/application.py +++ b/msal/application.py @@ -641,7 +641,6 @@ def _acquire_token_silent_by_finding_rt_belongs_to_me_or_my_family( if at and "error" not in at: return at last_resp = at - # Either this app is an orphan, so we will naturally use its own RT; # or all attempts above have failed, so we fall back to non-foci behavior. resp = self._acquire_token_silent_by_finding_specific_refresh_token( From 1f876fbe29de8e5a1c827ff55349affcbbed19fb Mon Sep 17 00:00:00 2001 From: Abhidnya Patil Date: Thu, 23 Apr 2020 12:14:35 -0700 Subject: [PATCH 3/4] Rearranging --- msal/application.py | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) 
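Review bot: The `tester` stub answers every POST with the same 400 body, so the final `assertEqual` passes whether the returned dict came from the family-RT attempt or from the own-RT fallback. Whether the fallback sends a request at all with this fixture is not visible from here. Giving each call a distinct `error_description`, or counting calls inside the stub and asserting the count, would pin down which response is propagated. The assertion message `"Error raised will be returned"` is also slightly misleading, since nothing is raised; `"Error response should be returned to the caller"` matches what is checked.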
diff --git a/msal/application.py b/msal/application.py index 9c8614ad..516d1494 100644 --- a/msal/application.py +++ b/msal/application.py @@ -635,17 +635,16 @@ def _acquire_token_silent_by_finding_rt_belongs_to_me_or_my_family( return at last_resp = None if app_metadata.get("family_id"): # Meaning this app belongs to this family - at = self._acquire_token_silent_by_finding_specific_refresh_token( + last_resp = self._acquire_token_silent_by_finding_specific_refresh_token( authority, scopes, dict(query, family_id=app_metadata["family_id"]), **kwargs) - if at and "error" not in at: - return at - last_resp = at + if last_resp and "error" not in last_resp: + return last_resp # Either this app is an orphan, so we will naturally use its own RT; # or all attempts above have failed, so we fall back to non-foci behavior. - resp = self._acquire_token_silent_by_finding_specific_refresh_token( - authority, scopes, dict(query, client_id=self.client_id), **kwargs) - return resp or last_resp + return self._acquire_token_silent_by_finding_specific_refresh_token( + authority, scopes, dict(query, client_id=self.client_id), + **kwargs) or last_resp def _get_app_metadata(self, environment): apps = self.token_cache.find( # Use find(), rather than token_cache.get(...) From 8c65761575392e82e46d86895dbc0847f6e98649 Mon Sep 17 00:00:00 2001 From: Abhidnya Patil Date: Thu, 23 Apr 2020 13:00:06 -0700 Subject: [PATCH 4/4] Keeping previous at variable --- msal/application.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/msal/application.py b/msal/application.py index 516d1494..66d9b430 100644 --- a/msal/application.py +++ b/msal/application.py 
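Review bot: The `or last_resp` appended to the closing line of the multi-line call (`**kwargs) or last_resp`) is easy to overlook when reading the return. It also relies on truthiness, so an empty dict from the fallback would be treated the same as no response. Naming the result keeps the intent visible: `resp = self._acquire_token_silent_by_finding_specific_refresh_token(...)` followed by `return resp if resp is not None else last_resp`. That assumes the helper signals "no refresh token found" with `None`, which this hunk does not show.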
@@ -635,11 +635,11 @@ def _acquire_token_silent_by_finding_rt_belongs_to_me_or_my_family( return at last_resp = None if app_metadata.get("family_id"): # Meaning this app belongs to this family - last_resp = self._acquire_token_silent_by_finding_specific_refresh_token( + last_resp = at = self._acquire_token_silent_by_finding_specific_refresh_token( authority, scopes, dict(query, family_id=app_metadata["family_id"]), **kwargs) - if last_resp and "error" not in last_resp: - return last_resp + if at and "error" not in at: + return at # Either this app is an orphan, so we will naturally use its own RT; # or all attempts above have failed, so we fall back to non-foci behavior. return self._acquire_token_silent_by_finding_specific_refresh_token(
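Review bot: `last_resp = at = ...` binds two names to the same response dict, and the hunk does not say why both are kept. A one-line comment would help the next reader, e.g. `# Remember the family-RT response; its error is returned if the fallback below yields nothing`. The final return continues past the end of this hunk, so the use of `last_resp` is inferred from the previous patch in the series.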