Use new error format for auth errors (factor exceptions into module)

2016-04-11 16:20:11 -04:00 · 2016-04-11 16:20:11 -04:00 · eba75494d9
commit eba75494d9
parent 9c08717173
25 changed files with 214 additions and 177 deletions
--- a/auth/auth.py
+++ b/auth/auth.py
@ -13,6 +13,7 @@ import scopes

 from data import model
 from app import app, authentication
+from endpoints.exception import InvalidToken, ExpiredToken
 from permissions import QuayDeferredPermissionUser
 from auth_context import (set_authenticated_user, set_validated_token, set_grant_context,
                          set_validated_oauth_token)
@ -50,20 +51,10 @@ def _validate_and_apply_oauth_token(token):
  validated = model.oauth.validate_access_token(token)
  if not validated:
    logger.warning('OAuth access token could not be validated: %s', token)
-    authenticate_header = {
-      'WWW-Authenticate': ('Bearer error="invalid_token", '
-                           'error_description="The access token is invalid"'),
-    }
-    abort(401, message='OAuth access token could not be validated: %(token)s',
-          issue='invalid-oauth-token', token=token, headers=authenticate_header)
+    raise InvalidToken('OAuth access token could not be validated: {token}'.format(token=token))
  elif validated.expires_at <= datetime.utcnow():
    logger.info('OAuth access with an expired token: %s', token)
-    authenticate_header = {
-      'WWW-Authenticate': ('Bearer error="invalid_token", '
-                           'error_description="The access token expired"'),
-    }
-    abort(401, message='OAuth access token has expired: %(token)s',
-          issue='invalid-oauth-token', token=token, headers=authenticate_header)
+    raise ExpiredToken('OAuth access token has expired: {token}'.format(token=token))

  # Don't allow disabled users to login.
  if not validated.authorized_user.enabled: