Refactoring error logging.
This commit is contained in:
parent
56ca4930b8
commit
68b4847219
|
@ -5,6 +5,7 @@ from oidc_provider.lib.utils.params import *
|
|||
from oidc_provider.lib.utils.token import *
|
||||
from oidc_provider.models import *
|
||||
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
|
||||
|
@ -56,9 +57,11 @@ class AuthorizeEndpoint(object):
|
|||
def validate_params(self):
|
||||
|
||||
if not self.params.redirect_uri:
|
||||
logger.error('[Authorize] Missing redirect uri.')
|
||||
raise RedirectUriError()
|
||||
|
||||
if not ('openid' in self.params.scope):
|
||||
logger.error('[Authorize] Missing openid scope.')
|
||||
raise AuthorizeError(
|
||||
self.params.redirect_uri,
|
||||
'invalid_scope',
|
||||
|
@ -68,16 +71,18 @@ class AuthorizeEndpoint(object):
|
|||
self.client = Client.objects.get(client_id=self.params.client_id)
|
||||
|
||||
if not (self.params.redirect_uri in self.client.redirect_uris):
|
||||
logger.error('[Authorize] Invalid redirect uri: %s', self.params.redirect_uri)
|
||||
raise RedirectUriError()
|
||||
|
||||
if not self.grant_type or not (self.params.response_type == self.client.response_type):
|
||||
|
||||
logger.error('[Authorize] Invalid response type: %s', self.params.response_type)
|
||||
raise AuthorizeError(
|
||||
self.params.redirect_uri,
|
||||
'unsupported_response_type',
|
||||
self.grant_type)
|
||||
|
||||
except Client.DoesNotExist:
|
||||
logger.error('[Authorize] Invalid client identifier: %s', self.params.client_id)
|
||||
raise ClientIdError()
|
||||
|
||||
def create_response_uri(self):
|
||||
|
@ -122,11 +127,8 @@ class AuthorizeEndpoint(object):
|
|||
# add access_token to the fragment.
|
||||
if self.params.response_type == 'id_token token':
|
||||
uri += '&access_token={0}'.format(token.access_token)
|
||||
except:
|
||||
logger.error('Authorization server error, grant_type: %s' %self.grant_type, extra={
|
||||
'redirect_uri': self.redirect_uri,
|
||||
'state': self.params.state
|
||||
})
|
||||
except Exception as error:
|
||||
logger.error('[Authorize] Error when trying to create response uri: %s', error)
|
||||
raise AuthorizeError(
|
||||
self.params.redirect_uri,
|
||||
'server_error',
|
||||
|
|
|
@ -9,8 +9,10 @@ from oidc_provider.lib.utils.token import *
|
|||
from oidc_provider.models import *
|
||||
from oidc_provider import settings
|
||||
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
|
||||
class TokenEndpoint(object):
|
||||
|
||||
def __init__(self, request):
|
||||
|
@ -18,11 +20,6 @@ class TokenEndpoint(object):
|
|||
self.params = Params()
|
||||
self._extract_params()
|
||||
|
||||
logger.debug('Request %s', self.request)
|
||||
logger.debug('TokenEndPoint request.POST --> : %s', self.request.POST)
|
||||
logger.debug('TokenEndpoint request.GET --> : %s', self.request.GET)
|
||||
logger.debug('TokenEndPoint extract_params --> : %s', self.params.__dict__)
|
||||
|
||||
def _extract_params(self):
|
||||
query_dict = self.request.POST
|
||||
|
||||
|
@ -36,31 +33,35 @@ class TokenEndpoint(object):
|
|||
|
||||
def validate_params(self):
|
||||
if not (self.params.grant_type == 'authorization_code'):
|
||||
logger.error('Unsupported grant type: --> : %s', self.params.grant_type)
|
||||
logger.error('[Token] Invalid grant type: %s', self.params.grant_type)
|
||||
raise TokenError('unsupported_grant_type')
|
||||
|
||||
try:
|
||||
self.client = Client.objects.get(client_id=self.params.client_id)
|
||||
|
||||
if not (self.client.client_secret == self.params.client_secret):
|
||||
logger.error('Invalid client, client secret -->: %s', self.params.client_secret)
|
||||
logger.error('[Token] Invalid client secret: client %s do not have secret %s',
|
||||
self.client.client_id, self.client.client_secret)
|
||||
raise TokenError('invalid_client')
|
||||
|
||||
if not (self.params.redirect_uri in self.client.redirect_uris):
|
||||
logger.error('Invalid client, redirect_uri --> : %s', self.params.redirect_uri)
|
||||
logger.error('[Token] Invalid redirect uri: %s', self.params.redirect_uri)
|
||||
raise TokenError('invalid_client')
|
||||
|
||||
self.code = Code.objects.get(code=self.params.code)
|
||||
|
||||
if not (self.code.client == self.client) \
|
||||
or self.code.has_expired():
|
||||
logger.error('Invalid grant, code client --> %s', self.code.client)
|
||||
logger.error('[Token] Invalid code: invalid client or code has expired',
|
||||
self.params.redirect_uri)
|
||||
raise TokenError('invalid_grant')
|
||||
|
||||
except Client.DoesNotExist:
|
||||
logger.error('[Token] Client does not exist: %s', self.params.client_id)
|
||||
raise TokenError('invalid_client')
|
||||
|
||||
except Code.DoesNotExist:
|
||||
logger.error('[Token] Code does not exist: %s', self.params.code)
|
||||
raise TokenError('invalid_grant')
|
||||
|
||||
def create_response_dic(self):
|
||||
|
@ -88,7 +89,7 @@ class TokenEndpoint(object):
|
|||
'expires_in': settings.get('OIDC_TOKEN_EXPIRE'),
|
||||
'id_token': id_token,
|
||||
}
|
||||
logger.debug('Response dictionary --> : %s', dic)
|
||||
|
||||
return dic
|
||||
|
||||
@classmethod
|
||||
|
@ -100,6 +101,4 @@ class TokenEndpoint(object):
|
|||
response['Cache-Control'] = 'no-store'
|
||||
response['Pragma'] = 'no-cache'
|
||||
|
||||
logger.debug('JSON Response --> : %s', response.__dict__)
|
||||
|
||||
return response
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
import re
|
||||
import logging
|
||||
|
||||
from django.http import HttpResponse
|
||||
from django.http import JsonResponse
|
||||
|
@ -10,6 +11,9 @@ from oidc_provider.models import *
|
|||
from oidc_provider import settings
|
||||
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
|
||||
class UserInfoEndpoint(object):
|
||||
|
||||
def __init__(self, request):
|
||||
|
@ -43,12 +47,15 @@ class UserInfoEndpoint(object):
|
|||
self.token = Token.objects.get(access_token=self.params.access_token)
|
||||
|
||||
if self.token.has_expired():
|
||||
logger.error('[UserInfo] Token has expired: %s', self.params.access_token)
|
||||
raise UserInfoError('invalid_token')
|
||||
|
||||
if not ('openid' in self.token.scope):
|
||||
logger.error('[UserInfo] Missing openid scope.')
|
||||
raise UserInfoError('insufficient_scope')
|
||||
|
||||
except Token.DoesNotExist:
|
||||
logger.error('[UserInfo] Token does not exist: %s', self.params.access_token)
|
||||
raise UserInfoError('invalid_token')
|
||||
|
||||
def create_response_dic(self):
|
||||
|
|
|
@ -1,3 +1,5 @@
|
|||
import logging
|
||||
|
||||
from django.contrib.auth.views import redirect_to_login
|
||||
from django.http import HttpResponse, HttpResponseRedirect, JsonResponse
|
||||
from django.shortcuts import render
|
||||
|
@ -12,6 +14,9 @@ from oidc_provider.lib.endpoints.userinfo import *
|
|||
from oidc_provider.lib.errors import *
|
||||
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
|
||||
class AuthorizeView(View):
|
||||
|
||||
def get(self, request, *args, **kwargs):
|
||||
|
|
Loading…
Reference in a new issue