strasbourg: don't crash on unauthorized errors (#25031)

2018-07-04 10:11:00 +02:00 · 2018-07-04 10:11:00 +02:00 · 44f2a98239
parent 99a1b5f739
commit 44f2a98239
2 changed files with 31 additions and 3 deletions
--- a/passerelle/contrib/strasbourg_eu/models.py
+++ b/passerelle/contrib/strasbourg_eu/models.py
@ -48,7 +48,10 @@ class StrasbourgEu(BaseResource):
            if name_id is None:
                raise APIError('missing name_id')
            # expected content: {"interests": ["123", "456"]}
-            interests = json.loads(request.body).get('interests')
+            response = json.loads(request.body)
+            if 'error ' in response:
+                return {'err': 1, 'err_desc': response.get('error')}
+            interests = response.get('interests')
            if interests is None:
                interests = []  # reset
            url = urlparse.urljoin(self.liferay_api_url, 'jsonws/interest.interest/set-user-interests')
@ -56,7 +59,10 @@ class StrasbourgEu(BaseResource):
            if 'error' in response:
                return {'err': 1, 'err_desc': response.get('error')}
        url = urlparse.urljoin(self.liferay_api_url, 'jsonws/interest.interest/get-interests')
-        interests = self.requests.get(url).json().get('interests')
+        response = self.requests.get(url).json()
+        interests = response.get('interests')
+        if interests is None:
+            return {'err': 1, 'err_desc': response.get('error')}
        if name_id is not None:
            url = urlparse.urljoin(self.liferay_api_url, 'jsonws/interest.interest/get-user-interests')
            user_choices = self.requests.post(url, data={'userId': name_id}).json().get('interests')
@ -74,6 +80,8 @@ class StrasbourgEu(BaseResource):
        if request.method == 'GET':
            url = urlparse.urljoin(self.liferay_api_url, 'jsonws/notification.notification/get-user-notifications')
            notifications = self.requests.post(url, data={'userId': name_id}).json()
+            if 'error' in notifications:
+                return {'err': 1, 'err_desc': notifications.get('error')}
            for notification in notifications['notifications']:
                notification['parsedPublicationDate'] = None
                for date_format in ('%Y-%m-%d %H:%M:%S', '%a %b %d %H:%M:%S %Z %Y'):
@ -109,7 +117,10 @@ class StrasbourgEu(BaseResource):
    def favorites(self, request, name_id, url_filter=None, **kwargs):
        if request.method == 'GET':
            url = urlparse.urljoin(self.liferay_api_url, 'jsonws/favorite.favorite/get-user-favorites')
-            favorites = self.requests.post(url, data={'userId': name_id}).json().get('favorites')
+            response = self.requests.post(url, data={'userId': name_id}).json()
+            if 'error' in response:
+                return {'err': 1, 'err_desc': response.get('error')}
+            favorites = response['favorites']
            if url_filter:
                favorites = [x for x in favorites if x['url'] == url_filter]
            return {'favorites': favorites}
--- a/tests/test_strasbourg_eu.py
+++ b/tests/test_strasbourg_eu.py
@ -89,6 +89,8 @@ ERROR_EXAMPLE = u"""{
    "error": "MESSAGE"
 }"""

+UNAUTHORIZED_EXAMPLE = u"""{"error":"not authorized"}"""
+
 FAVORITES_EXAMPLE = u"""{
    "favorites": [
        {
@ -144,6 +146,8 @@ def notification_add_success_mock(url, request):
 def notification_add_error_mock(url, request):
    return {'content': ERROR_EXAMPLE, 'request': request, 'status_code': 200}

+def unauthorized_mock(url, request):
+    return {'content': UNAUTHORIZED_EXAMPLE, 'request': request, 'status_code': 200}

 def favorites_mock(url, request):
    if url.path.endswith('/get-user-favorites'):
@ -195,9 +199,14 @@ def test_interests(app, strasbourg_eu):
        assert len(resp.json['data']) == 1
        assert resp.json['data'][0]['id'] == '275303'

+    with HTTMock(unauthorized_mock):
+        resp = app.get(endpoint).json
+        assert resp['err_desc'] == 'not authorized'
+

 def test_notifications(app, strasbourg_eu, caplog):
    endpoint = utils.generic_endpoint_url('strasbourg-eu', 'notifications', slug=strasbourg_eu.slug)
+
    with HTTMock(notifications_mock):
        resp = app.get(endpoint, status=400)
        records = [record for record in caplog.records if
@ -220,6 +229,10 @@ def test_notifications(app, strasbourg_eu, caplog):
        resp = app.post_json(endpoint + '?name_id=xxx', params={'title': 'title'})
        assert resp.json['err'] == 1

+    with HTTMock(unauthorized_mock):
+        resp = app.get(endpoint + '?name_id=xxx').json
+        assert resp['err_desc'] == 'not authorized'
+

 def test_favorites(app, strasbourg_eu):
    endpoint = utils.generic_endpoint_url('strasbourg-eu', 'favorites', slug=strasbourg_eu.slug)
@ -236,3 +249,7 @@ def test_favorites(app, strasbourg_eu):

        resp = app.post_json(endpoint + '/12/delete?name_id=xxx', params={})
        assert resp.json['err'] == 0
+
+    with HTTMock(unauthorized_mock):
+        resp = app.get(endpoint + '?name_id=xxx').json
+        assert resp['err_desc'] == 'not authorized'