fix(authentication_callback): return errors detail instead of generic error 500 (#148)

Author: jbarreau

django_forest/authentication/exception.py

@@ -7,6 +7,12 @@ class BaseAuthenticationException(BaseForestException):
 class AuthenticationClientException(BaseAuthenticationException):
     STATUS = 401
 
+class AuthenticationOpenIdClientException(AuthenticationClientException):
+    def __init__(self, msg, error, error_description, state) -> None:
+        super().__init__(msg)
+        self.error = error
+        self.error_description = error_description
+        self.state = state
 
 class AuthenticationSettingsException(BaseAuthenticationException):
     STATUS = 500

django_forest/authentication/utils.py

@@ -1,11 +1,21 @@
 from django.http import JsonResponse
-from django_forest.authentication.exception import BaseAuthenticationException
+from django_forest.authentication.exception import BaseAuthenticationException, AuthenticationOpenIdClientException
 
 
 def authentication_exception(f):
     def wrapper(*args, **kwargs):
         try:
             return f(*args, **kwargs)
+        except AuthenticationOpenIdClientException as error:
+            return JsonResponse(
+                {
+                    "error": error.error,
+                    "error_description": error.error_description,
+                    "state": error.state
+                },
+                status=error.STATUS
+            )
+
         except BaseAuthenticationException as error:
             return JsonResponse({'errors': [{'detail': str(error)}]}, status=error.STATUS)
     return wrapper

django_forest/authentication/views/callback.py

@@ -7,7 +7,11 @@
 from oic.oauth2 import AuthorizationResponse
 from django.http import JsonResponse
 from django.views.generic import View
-from django_forest.authentication.exception import AuthenticationClientException, AuthenticationThirdPartyException
+from django_forest.authentication.exception import (
+    AuthenticationClientException,
+    AuthenticationOpenIdClientException,
+    AuthenticationThirdPartyException
+)
 
 from django_forest.authentication.oidc.client_manager import OidcClientManager
 from django_forest.authentication.utils import authentication_exception
@@ -63,6 +67,13 @@ def _handle_authent_error(self, response):
         )
 
     def parse_authorization_response(self, client, state, full_path_info):
+        if "error" in self.request.GET:
+            raise AuthenticationOpenIdClientException(
+                "error given in the query GET params",
+                self.request.GET["error"],
+                self.request.GET["error_description"],
+                self.request.GET["state"]
+            )
         return client.parse_response(
             AuthorizationResponse,
             info=full_path_info,

django_forest/tests/authentication/views/test_callback.py

@@ -276,3 +276,19 @@ def test_iat_issued_in_future_outside_allowed_skew(self, mocked_requests_get, mo
         """
         with self.assertRaises(IATError):
             self.client.get(self.url)
+
+
+    def test_trial_period_ended(self):
+        query={
+            "error": "TrialBlockedError",
+            "error_description": "Your free trial has ended. We hope you enjoyed your experience with Forest Admin. "
+            "Upgrade now to continue accessing your project.",
+            "state": "{\"renderingId\": 36}",
+        }
+        url = reverse('django_forest:authentication:callback')
+        response = self.client.get(f'{url}?{urlencode(query)}')
+        self.assertEqual(response.status_code, 401)
+        body = response.json()
+        self.assertEqual(body["error"], query["error"])
+        self.assertEqual(body["error_description"], query["error_description"])
+        self.assertEqual(body["state"], query["state"])