Better logging of OAuth issues, in the hope to figure out what's going on.

2016-10-11 17:09:02 +02:00
parent 5dd49fa5dd
commit 4eb8319697
2 changed files with 13 additions and 6 deletions
--- a/pillar/init.py
+++ b/pillar/init.py
@@ -307,7 +307,7 @@ class PillarServer(Eve):
        super(PillarServer, self).register_error_handlers()

        # Register error handlers per code.
-        for code in (403, 404, 500):
+        for code in (403, 404, 412, 500):
            self.register_error_handler(code, self.pillar_error_handler)

        # Register error handlers per exception.
--- a/pillar/web/users/routes.py
+++ b/pillar/web/users/routes.py
@@ -47,12 +47,19 @@ def login():
@blueprint.route('/oauth/blender-id/authorized')
 def blender_id_authorized():
    check_oauth_provider(current_app.oauth_blender_id)
-    oauth_resp = current_app.oauth_blender_id.authorized_response()
+    try:
+        oauth_resp = current_app.oauth_blender_id.authorized_response()
+    except OAuthException as ex:
+        log.warning('Error parsing BlenderID OAuth response. data=%s; message=%s',
+                    ex.data, ex.message)
+        raise wz_exceptions.Forbidden('Access denied, sorry!')
+
    if oauth_resp is None:
-        return 'Access denied: reason=%s error=%s' % (
-            request.args['error_reason'],
-            request.args['error_description']
-        )
+        msg = 'Access denied: reason=%s error=%s' % (
+            request.args.get('error_reason'), request.args.get('error_description'))
+        log.warning('Access denied to user because oauth_resp=None: %s', msg)
+        return wz_exceptions.Forbidden(msg)
+
    if isinstance(oauth_resp, OAuthException):
        return 'Access denied: %s' % oauth_resp.message