Merge branch 'master' of git.blender.org:pillar into elastic

2018-01-05 10:56:46 +01:00
parent de8c6a8b63 91660fefe4
commit 24d38fe52e
5 changed files with 22 additions and 24 deletions
--- a/pillar/api/blender_id.py
+++ b/pillar/api/blender_id.py
@@ -209,14 +209,19 @@ def fetch_blenderid_user() -> dict:
    :raises LogoutUser: when Blender ID tells us the current token is
        invalid, and the user should be logged out.
    """
-
    import httplib2  # used by the oauth2 package

+    my_log = log.getChild('fetch_blenderid_user')
+
    bid_url = '%s/api/user' % blender_id_endpoint()
-    log.debug('Fetching user info from %s', bid_url)
+    my_log.debug('Fetching user info from %s', bid_url)

    credentials = current_app.config['OAUTH_CREDENTIALS']['blender-id']
-    oauth_token = session['blender_id_oauth_token']
+    oauth_token = session.get('blender_id_oauth_token')
+    if not oauth_token:
+        my_log.warning('no Blender ID oauth token found in user session')
+        return {}
+
    assert isinstance(oauth_token, str), f'oauth token must be str, not {type(oauth_token)}'

    oauth_session = OAuth2Session(
@@ -226,23 +231,23 @@ def fetch_blenderid_user() -> dict:
    try:
        bid_resp = oauth_session.get(bid_url)
    except httplib2.HttpLib2Error:
-        log.exception('Error getting %s from BlenderID', bid_url)
+        my_log.exception('Error getting %s from BlenderID', bid_url)
        return {}

    if bid_resp.status_code == 403:
-        log.warning('Error %i from BlenderID %s, logging out user', bid_resp.status_code, bid_url)
+        my_log.warning('Error %i from BlenderID %s, logging out user', bid_resp.status_code, bid_url)
        raise LogoutUser()

    if bid_resp.status_code != 200:
-        log.warning('Error %i from BlenderID %s: %s', bid_resp.status_code, bid_url, bid_resp.text)
+        my_log.warning('Error %i from BlenderID %s: %s', bid_resp.status_code, bid_url, bid_resp.text)
        return {}

    payload = bid_resp.json()
    if not payload:
-        log.warning('Empty data returned from BlenderID %s', bid_url)
+        my_log.warning('Empty data returned from BlenderID %s', bid_url)
        return {}

-    log.debug('BlenderID returned %s', payload)
+    my_log.debug('BlenderID returned %s', payload)
    return payload


--- a/pillar/api/users/hooks.py
+++ b/pillar/api/users/hooks.py
@@ -168,8 +168,8 @@ def grant_org_roles(user_doc):

    email = user_doc.get('email')
    if not email:
-        log.warning('Unable to check new user for organization membership, no email address! %r',
-                    user_doc)
+        log.info('Unable to check new user for organization membership, no email address: %r',
+                 user_doc)
        return

    org_roles = current_app.org_manager.unknown_member_roles(email)
--- a/pillar/api/utils/authorization.py
+++ b/pillar/api/utils/authorization.py
@@ -345,13 +345,13 @@ def require_login(*, require_roles=set(),
                return render_error()

            if require_roles and not current_user.matches_roles(require_roles, require_all):
-                log.warning('User %s is authenticated, but does not have required roles %s to '
-                            'access %s', current_user.user_id, require_roles, func)
+                log.info('User %s is authenticated, but does not have required roles %s to '
+                         'access %s', current_user.user_id, require_roles, func)
                return render_error()

            if require_cap and not current_user.has_cap(require_cap):
-                log.warning('User %s is authenticated, but does not have required capability %s to '
-                            'access %s', current_user.user_id, require_cap, func)
+                log.info('User %s is authenticated, but does not have required capability %s to '
+                         'access %s', current_user.user_id, require_cap, func)
                return render_error()

            return func(*args, **kwargs)