auth_jwt: clarify exceptions

Distinguish errors that lead to a 401 from internal configuration errors.
timnis · Jun 8, 2023 · 4b75df2 · 4b75df2
1 parent 8d2c85b
commit 4b75df2
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 10 deletions.
diff --git a/auth_jwt/exceptions.py b/auth_jwt/exceptions.py
@@ -36,7 +36,7 @@ class UnauthorizedPartnerNotFound(Unauthorized):
     pass
 
 
-class CompositeJwtError(Unauthorized):
+class UnauthorizedCompositeJwtError(Unauthorized):
     """Indicate that multiple errors occurred during JWT chain validation."""
 
     def __init__(self, errors):
@@ -50,5 +50,5 @@ def __init__(self, errors):
         )
 
 
-class UnauthorizedConfigurationError(Unauthorized):
+class ConfigurationError(InternalServerError):
     pass
diff --git a/auth_jwt/models/ir_http.py b/auth_jwt/models/ir_http.py
@@ -8,8 +8,9 @@
 from odoo.http import request
 
 from ..exceptions import (
-    CompositeJwtError,
-    UnauthorizedConfigurationError,
+    ConfigurationError,
+    Unauthorized,
+    UnauthorizedCompositeJwtError,
     UnauthorizedMalformedAuthorizationHeader,
     UnauthorizedMissingAuthorizationHeader,
     UnauthorizedMissingCookie,
@@ -61,7 +62,7 @@ def _get_jwt_cookie_secret(cls):
         secret = request.env["ir.config_parameter"].sudo().get_param("database.secret")
         if not secret:
             _logger.error("database.secret system parameter is not set.")
-            raise UnauthorizedConfigurationError()
+            raise ConfigurationError()
         return secret
 
     @classmethod
@@ -94,19 +95,19 @@ def _auth_method_jwt(cls, validator_name=None):
             try:
                 payload = cls._get_jwt_payload(validator)
                 break
-            except Exception as e:
+            except Unauthorized as e:
                 exceptions[validator.name] = e
                 validator = validator.next_validator_id
 
         if not payload:
             if len(exceptions) == 1:
                 raise list(exceptions.values())[0]
-            raise CompositeJwtError(exceptions)
+            raise UnauthorizedCompositeJwtError(exceptions)
 
         if validator.cookie_enabled:
             if not validator.cookie_name:
                 _logger.info("Cookie name not set for validator %s", validator.name)
-                raise UnauthorizedConfigurationError()
+                raise ConfigurationError()
             request.future_response.set_cookie(
                 key=validator.cookie_name,
                 value=validator._encode(

diff --git a/auth_jwt/tests/test_auth_jwt.py b/auth_jwt/tests/test_auth_jwt.py
@@ -15,8 +15,8 @@
 
 from ..exceptions import (
     AmbiguousJwtValidator,
-    CompositeJwtError,
     JwtValidatorNotFound,
+    UnauthorizedCompositeJwtError,
     UnauthorizedInvalidToken,
     UnauthorizedMalformedAuthorizationHeader,
     UnauthorizedMissingAuthorizationHeader,
@@ -196,7 +196,7 @@ def test_auth_method_invalid_token_on_chain(self):
 
         authorization = "Bearer " + self._create_token()
         with self._mock_request(authorization=authorization):
-            with self.assertRaises(CompositeJwtError) as composite_error:
+            with self.assertRaises(UnauthorizedCompositeJwtError) as composite_error:
                 self.env["ir.http"]._auth_method_jwt_validator()
             self.assertEqual(
                 str(composite_error.exception),