idp oidc: log invalid request's response error (#19837)
This commit is contained in:
parent
fe64b1edef
commit
bafb9dceb1
|
@ -53,6 +53,7 @@ def certs(request, *args, **kwargs):
|
|||
|
||||
def authorization_error(request, redirect_uri, error, error_description=None, error_uri=None,
|
||||
state=None, fragment=False):
|
||||
logger = logging.getLogger(__name__)
|
||||
params = {
|
||||
'error': error,
|
||||
}
|
||||
|
@ -62,6 +63,8 @@ def authorization_error(request, redirect_uri, error, error_description=None, er
|
|||
params['error_uri'] = error_uri
|
||||
if state is not None:
|
||||
params['state'] = state
|
||||
logger.warning(u'idp_oidc: authorization request error redirect_uri=%r error=%r error_description=%r',
|
||||
redirect_uri, error, error_description, extra={'redirect_uri': redirect_uri})
|
||||
if fragment:
|
||||
return redirect(request, redirect_uri + '#%s' % urlencode(params), resolve=False)
|
||||
else:
|
||||
|
|
|
@ -274,7 +274,7 @@ def assert_authorization_response(response, fragment=False, **kwargs):
|
|||
assert value in query[key][0]
|
||||
|
||||
|
||||
def test_invalid_request(oidc_settings, oidc_client, simple_user, app):
|
||||
def test_invalid_request(caplog, oidc_settings, oidc_client, simple_user, app):
|
||||
redirect_uri = oidc_client.redirect_uris.split()[0]
|
||||
if oidc_client.authorization_flow == oidc_client.FLOW_AUTHORIZATION_CODE:
|
||||
fragment = False
|
||||
|
@ -317,6 +317,11 @@ def test_invalid_request(oidc_settings, oidc_client, simple_user, app):
|
|||
response = app.get(authorize_url)
|
||||
assert_oidc_error(response, 'invalid_request', 'missing parameter \'response_type\'',
|
||||
fragment=fragment)
|
||||
logrecord = [rec for rec in caplog.records if rec.funcName == 'authorization_error'][0]
|
||||
assert logrecord.levelname == 'WARNING'
|
||||
assert logrecord.redirect_uri == 'https://example.com/callback'
|
||||
assert 'missing parameter \'response_type\'' in logrecord.message
|
||||
|
||||
# missing scope
|
||||
authorize_url = make_url('oidc-authorize', params={
|
||||
'client_id': oidc_client.client_id,
|
||||
|
|
Loading…
Reference in New Issue