client: handles OAuthException #125

Merged
merged 1 commit into from
May 16, 2017

pamfilos
Member

When you log in with CERN OAuth and go 'Back', it throws an Internal Server Error

[2017-03-28 14:16:22 +0200] [13916] [ERROR] Error handling request /app/oauth/authorized/cern/?code=d73e90f281524c23970ee1a88987047a97999c979bcc41908e65d5fe229551e8&state=eyJhbGciOiJIUzI1NiIsImV4cCI6MTQ5MDcwMzY3MiwiaWF0IjoxNDkwNzAzMzcyfQ.eyJhcHAiOiJjZXJuIiwic2lkIjoiZDU4ODRmYjM0NDIxNWRiMjUwN2ViYzg3ZDNlZTFiZThiYjlhNzY0MDgyOTliY2M4ZThiYzIwOTM2ZGM5MTQzNTNiMDkzYjQ4Mjc3NjdiMzM4MzkyYzM1NDQxMTczNjY3MDNjYTc1ZmMyYzU4NjIzYzE2NmI0YjQ3ZGRkYTkwODAiLCJuZXh0IjoiLyJ9.jL4lLM5AFT2HQigFtIPuV1-1sOQ1RvqY4FSc_HvChYw
Traceback (most recent call last):
  File "/Users/pamfilos/.envs/cap/lib/python2.7/site-packages/gunicorn/workers/sync.py", line 135, in handle
    self.handle_request(listener, req, client, addr)
  File "/Users/pamfilos/.envs/cap/lib/python2.7/site-packages/gunicorn/workers/sync.py", line 176, in handle_request
    respiter = self.wsgi(environ, resp.start_response)
  File "/Users/pamfilos/.envs/cap/lib/python2.7/site-packages/flask/app.py", line 1994, in __call__
    return self.wsgi_app(environ, start_response)
  File "/Users/pamfilos/.envs/cap/lib/python2.7/site-packages/werkzeug/wsgi.py", line 659, in __call__
    return app(environ, start_response)
  File "/Users/pamfilos/.envs/cap/lib/python2.7/site-packages/flask/app.py", line 1994, in __call__
    return self.wsgi_app(environ, start_response)
  File "/Users/pamfilos/.envs/cap/lib/python2.7/site-packages/flask/app.py", line 1985, in wsgi_app
    response = self.handle_exception(e)
  File "/Users/pamfilos/.envs/cap/lib/python2.7/site-packages/flask/app.py", line 1540, in handle_exception
    reraise(exc_type, exc_value, tb)
  File "/Users/pamfilos/.envs/cap/lib/python2.7/site-packages/flask/app.py", line 1982, in wsgi_app
    response = self.full_dispatch_request()
  File "/Users/pamfilos/.envs/cap/lib/python2.7/site-packages/flask/app.py", line 1614, in full_dispatch_request
    rv = self.handle_user_exception(e)
  File "/Users/pamfilos/.envs/cap/lib/python2.7/site-packages/flask/app.py", line 1517, in handle_user_exception
    reraise(exc_type, exc_value, tb)
  File "/Users/pamfilos/.envs/cap/lib/python2.7/site-packages/flask/app.py", line 1612, in full_dispatch_request
    rv = self.dispatch_request()
  File "/Users/pamfilos/.envs/cap/lib/python2.7/site-packages/flask/app.py", line 1598, in dispatch_request
    return self.view_functions[rule.endpoint](**req.view_args)
  File "/Users/pamfilos/.envs/cap/src/invenio-oauthclient/invenio_oauthclient/views/client.py", line 129, in authorized
    return current_oauthclient.handlers[remote_app]()
  File "/Users/pamfilos/.envs/cap/lib/python2.7/site-packages/flask_oauthlib/client.py", line 698, in decorated
    data = self.authorized_response()
  File "/Users/pamfilos/.envs/cap/lib/python2.7/site-packages/flask_oauthlib/client.py", line 677, in authorized_response
    data = self.handle_oauth2_response()
  File "/Users/pamfilos/.envs/cap/lib/python2.7/site-packages/flask_oauthlib/client.py", line 664, in handle_oauth2_response
    type='invalid_response', data=data
OAuthException: Invalid response from cern

Catching the exception and redirecting to the homepage fixes the issues.

return current_oauthclient.handlers[remote_app]()
try:
handler = current_oauthclient.handlers[remote_app]()
except RuntimeError:
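
Review bot: `except RuntimeError:` on the last line is wider than the failure in the traceback above, which is an OAuthException raised from flask_oauthlib; any other RuntimeError raised inside the handler would take the same path and never be reported. Catch the specific exception and log it before returning, so a failed code exchange still leaves a record.
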
Member

Based on the stacktrace you included, shouldn't this exception be more specific (e.g. OAuthException)? Also, I'd like to understand why the exception happens - is this only for CERN or is it also for e.g. ORCID? Catching the error at this level could potentially mask quite a lot of errors which would then never be reported, hence I'd prefer to be a bit careful and understand exactly why.

Member Author

Yes, for some magic reason when I was checking with OAuthException it wasn't working. Now it's OK and amended.

BTW, the response we are getting from CERN OAuth is {u'error': u'invalid_grant'}, so it might need further investigation from our side and the CERN OAuth side

@pamfilos
Member Author

@lnielsen
Member

The error seems to be generated by Flask-Oauthlib

Can you put a breakpoint there and extract the request.header, request.data, request.code and paste it here? I'm interested in what is actually in the response from the remote side and why it is considered invalid.

@pamfilos
Member Author

So the issue when you go 'Back' exists because Flask-oauthlib needs the redirect_url (here), which doesn't exist as it is popped from here and it is None at that point.

When the redirect_url is missing CERN Oauth returns an {"error": "invalid_grant"} which can't be caught from oauth_error_handler

Also, @lnielsen @jirikuncar, how does this thing work for the GitHub contrib? Does it ever go here?

if e.type == 'invalid_response':
flash('Code returned was invalid',
category='danger')
return redirect('/')
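
Review bot: The `if e.type == 'invalid_response':` branch shows no path for any other exception type, so confirm those are re-raised rather than falling through. The flashed 'Code returned was invalid' is also the only trace of the failure; log e.type and the provider's error payload before `return redirect('/')`, since the thread reports that payload was invalid_grant and that is what an operator would need to see.
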
Member

Maybe we should consider abort instead of redirect. It looks like an invalid flow ...

@lnielsen lnielsen modified the milestone: v1.0.0 May 12, 2017
@lnielsen lnielsen assigned drjova and unassigned pamfilos May 12, 2017
Signed-off-by: Pamfilos Fokianos <pamfilosf@gmail.com>
@lnielsen lnielsen merged commit 56f300a into inveniosoftware:master May 16, 2017
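
The replayed callback described in this thread, modelled stand-alone as an added example (not code from invenio-oauthclient or Flask-OAuthlib). `TokenEndpoint`, `OAuthError`, `authorized` and the URLs are hypothetical, and the stub provider assumes single-use codes bound to a redirect URI.

```python
# Added illustration; every name and URL below is hypothetical/constructed.

class OAuthError(RuntimeError):
    def __init__(self, message, type=None, data=None):
        super().__init__(message)
        self.type, self.data = type, data

class TokenEndpoint:
    """Stub provider (assumption): a code is single-use and tied to one redirect_uri."""
    def __init__(self):
        self.codes = {}
    def issue(self, code, redirect_uri):
        self.codes[code] = redirect_uri
    def exchange(self, code, redirect_uri):
        bound = self.codes.pop(code, None)      # redeemable once
        if bound is None or bound != redirect_uri:
            return {"error": "invalid_grant"}
        return {"access_token": "constructed-token"}

def handle_oauth2_response(provider, session, code):
    # The redirect URI is popped from the session, so a replayed callback sends None.
    data = provider.exchange(code, session.pop("redirect_uri", None))
    if "access_token" not in data:
        raise OAuthError("Invalid response", type="invalid_response", data=data)
    return data

def authorized(provider, session, code, log):
    """Callback view; returns (status, location)."""
    try:
        handle_oauth2_response(provider, session, code)
    except OAuthError as e:                      # narrow, not RuntimeError
        if e.type != "invalid_response":
            raise                                # do not mask unrelated failures
        log.append(e.data)                       # keep the provider error on record
        return 302, "/"                          # or a 400 if treated as an invalid flow
    return 302, session.get("next", "/")

def demo():
    provider, session, log = TokenEndpoint(), {}, []
    provider.issue("abc", "https://app.example/cb")
    session.update(redirect_uri="https://app.example/cb", next="/deposit")
    first = authorized(provider, session, "abc", log)
    replay = authorized(provider, session, "abc", log)   # browser 'Back'
    return first, replay, log

if __name__ == "__main__":
    print(demo())
```
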