From 9cb37c41220cca41f10d6f1d371d12b3e5bbfa8f Mon Sep 17 00:00:00 2001
From: Nikos Sklikas
Date: Tue, 21 Sep 2021 13:25:24 +0300
Subject: [PATCH] Catch unhandled exception
`get_session_info_by_token` might throw an exception, we catch it and return the appropriate error.
---
 src/oidcop/oidc/userinfo.py | 8 +++++++-
 tests/test_26_oidc_userinfo_endpoint.py | 16 ++++++++++++++++
 2 files changed, 23 insertions(+), 1 deletion(-)
diff --git a/src/oidcop/oidc/userinfo.py b/src/oidcop/oidc/userinfo.py
index aabc94d8..1abbbaa0 100755
--- a/src/oidcop/oidc/userinfo.py
+++ b/src/oidcop/oidc/userinfo.py
@@ -107,7 +107,13 @@ def do_response(
 def process_request(self, request=None, **kwargs):
 _mngr = self.server_get("endpoint_context").session_manager
- _session_info = _mngr.get_session_info_by_token(request["access_token"], grant=True)
+ try:
+ _session_info = _mngr.get_session_info_by_token(
+ request["access_token"], grant=True
+ )
+ except (KeyError, ValueError):
+ return self.error_cls(error="invalid_token", error_description="Invalid Token")
+
 _grant = _session_info["grant"]
 token = _grant.get_token(request["access_token"]) # should be an access token
diff --git a/tests/test_26_oidc_userinfo_endpoint.py b/tests/test_26_oidc_userinfo_endpoint.py
index 2577a450..53d8d12c 100755
--- a/tests/test_26_oidc_userinfo_endpoint.py
+++ b/tests/test_26_oidc_userinfo_endpoint.py 
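Review bot: The new `except (KeyError, ValueError):` branch in userinfo.py drops the exception with no record at all, so an operator gets no signal when bearer tokens that no longer resolve to a session are presented — the flushed-session case the accompanying test exercises — which is exactly the event a detection pipeline would want to count. If the module has a logger, I would add `logger.debug("access token lookup failed, returning invalid_token")` before the `return`, deliberately not formatting the exception into the message: a KeyError's argument is the lookup key, i.e. the bearer token itself, and it must not land in logs. The catch set is also an outside guess; if `get_session_info_by_token` raises a session-manager-specific exception for an unknown or revoked token, that still propagates as a server error, so it is worth confirming against the manager rather than widening to `Exception`. Note that `request["access_token"]` sits inside the `try`, so a request with no access_token key is now reported as invalid_token rather than as a malformed request, which may be acceptable but deserves a one-line comment. process_request continues past the end of the hunk.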
@@ -482,6 +482,22 @@ def test_invalid_token(self):
 assert isinstance(args, ResponseMessage)
 assert args["error_description"] == "Invalid Token"
+ def test_invalid_token_2(self):
+ _auth_req = AUTH_REQ.copy()
+ _auth_req["scope"] = ["openid", "research_and_scholarship"]
+
+ session_id = self._create_session(_auth_req)
+ grant = self.session_manager[session_id]
+ access_token = self._mint_token("access_token", grant, session_id)
+ self.session_manager.flush()
+
+ http_info = {"headers": {"authorization": "Bearer {}".format(access_token.value)}}
+ _req = self.endpoint.parse_request({}, http_info=http_info)
+ args = self.endpoint.process_request(_req)
+
+ assert isinstance(args, ResponseMessage)
+ assert args["error_description"] == "Invalid Token"
+
 def test_expired_token(self, monkeypatch):
 _auth_req = AUTH_REQ.copy()
 _auth_req["scope"] = ["openid", "research_and_scholarship"]
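Review bot: test_invalid_token_2 pins only `error_description` and never the `error` member, although `invalid_token` is the code RFC 6750 clients dispatch on and the human-readable description is free to change; add `assert args["error"] == "invalid_token"` next to the existing assertion. The name also says nothing about what distinguishes this case from test_invalid_token just above it; the distinguishing step is the `self.session_manager.flush()` after minting, so a name such as `test_token_for_flushed_session` or a one-line docstring `"""A properly minted token whose session has been flushed is rejected as invalid_token."""` would document the intent. Both tests belong to a class whose header is outside the hunk.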