diff --git a/backend/web/login/login.py b/backend/web/login/login.py index ffe67701f07b1b8ba529e90072a0a24cf4b745b1..12d4ff1aecaa1aa69fc960ff9033aa30b09006bf 100644 --- a/backend/web/login/login.py +++ b/backend/web/login/login.py @@ -228,15 +228,21 @@ def auth(): # Authorize the user # False positive: pylint: disable=no-member - redirect_to = hydra_admin_api.accept_login_request( - challenge, - accept_login_request=AcceptLoginRequest( - identity.id, - remember=True, - # Remember session for 7d - remember_for=60 * 60 * 24 * 7, - ) - ).redirect_to + + try: + redirect_to = hydra_admin_api.accept_login_request( + challenge, + accept_login_request=AcceptLoginRequest( + identity.id, + remember=True, + # Remember session for 7d + remember_for=60 * 60 * 24 * 7, + ) + ).redirect_to + except Exception as e: + current_app.logger.error("Failure during accepting login request. Redirecting to logout, hopefully to wipe cookies") + current_app.logger.error(e) + return redirect("logout") return redirect(redirect_to) @@ -332,11 +338,15 @@ def consent(): except AttributeError: current_app.logger.error(f"Could not find app for client {client_id}") return redirect( - consent_request.reject( - error="No access", - error_description="The user has no access for app", - error_hint="Contact your administrator", - status_code=401, + hydra_admin_api.reject_consent_request( + challenge, + # In previous versions of the hydra API client library, we + # could set these parameters, but that's no longer possible, + # not sure why. + # error="No access", + # error_description="The user has no access for app", + # error_hint="Contact your administrator", + # status_code=401, ) ) 
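Review bot: `current_app.logger.error(e)` in the new `except Exception as e:` branch logs only the exception's message and drops the traceback, so a failure against the hydra admin API leaves no record of where in `accept_login_request` it happened; replacing the two error calls with one `current_app.logger.exception("Failure during accepting login request; redirecting to logout to clear session cookies")` keeps the stack, and the same applies to the handler added in the `@@ -375,14 +389,23 @@` hunk. Catching `Exception` also turns every failure, including a programming error while building `AcceptLoginRequest`, into a redirect to `logout`, so if the client library exposes a dedicated API exception class it would be worth catching that first and letting anything else surface. The rest of auth() lies outside this hunk.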
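Review bot: `redirect(hydra_admin_api.reject_consent_request(challenge, ...))` hands the client's return value straight to Flask's `redirect`, while the `@@ -479,9 +502,9 @@` hunk unwraps the same kind of result with `.redirect_to`; if `reject_consent_request` returns a response model the way `accept_login_request` does here, this needs `hydra_admin_api.reject_consent_request(challenge).redirect_to` or the Location header will be the model's string form. Leaving `error`, `error_description`, `error_hint` and `status_code` as comments means the denial now reaches the user with no reason and without the 401; the accept calls in this diff pass their body as a keyword model (`accept_login_request=AcceptLoginRequest(...)`), and in the hydra client versions I know the reject endpoint takes its body the same way (`reject_request=RejectRequest(error="No access", error_description="The user has no access for app", error_hint="Contact your administrator", status_code=401)`), so check the pinned client version rather than dropping the fields. Both points recur unchanged in the `@@ -353,11 +363,15 @@` hunk. consent() starts before and continues after this hunk.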
@@ -353,11 +363,15 @@ def consent(): # If there is no role in app_roles or the role_id for an app is null user has no permissions current_app.logger.error(f"User has no access for: {app_obj.name}") return redirect( - consent_request.reject( - error="No access", - error_description="The user has no access for app", - error_hint="Contact your administrator", - status_code=401, + hydra_admin_api.reject_consent_request( + challenge, + # In previous versions of the hydra API client library, we + # could set these parameters, but that's no longer possible, + # not sure why. + # error="No access", + # error_description="The user has no access for app", + # error_hint="Contact your administrator", + # status_code=401, ) ) else: @@ -375,14 +389,23 @@ def consent(): current_app.logger.info(f"{kratos_id} was granted access to {client_id}") # False positive: pylint: disable=no-member - return redirect( - consent_request.accept( - grant_scope=consent_request.requested_scope, - grant_access_token_audience=consent_request.requested_access_token_audience, - session=claims, - ) - ) + try: + redirectUrl = hydra_admin_api.accept_consent_request( + challenge, + accept_consent_request=AcceptConsentRequest( + grant_scope=consent_request.requested_scope, + grant_access_token_audience=consent_request.requested_access_token_audience, + session=ConsentRequestSession(**claims), + ) + ).redirect_to + except: + # If an unexpected error occurs, logout, hopefully that wipes the + # relevant cookies + current_app.logger.error('Fatal processing consent, redirect to logout:' + str(e)) + return redirect("logout") + current_app.logger.info(f"Redirect to: {redirectUrl}") + return redirect(redirectUrl) @web.route("/status", methods=["GET", "POST"]) def status(): 
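Review bot: The new bare `except:` formats `str(e)`, but `e` is never bound in this handler, so any failure from `accept_consent_request` is replaced by a `NameError` raised inside the except block and the intended redirect to `logout` never runs. Change the two lines to `except Exception as e:` (a bare `except:` would also swallow `SystemExit` and `KeyboardInterrupt`) and `current_app.logger.exception("Fatal processing consent, redirect to logout")`, which records the traceback without the string concatenation. `current_app.logger.info(f"Redirect to: {redirectUrl}")` writes the hydra redirect target to the log at INFO, and that URL normally carries the consent verifier for this login, so a fixed message such as `current_app.logger.info("Consent accepted, redirecting to hydra")` is safer. `ConsentRequestSession(**claims)` assumes the keys of `claims` match the model's field names (presumably `access_token`/`id_token`); if `claims` is assembled with other keys this raises and lands in the same handler. The start of consent() is outside this hunk.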
@@ -479,9 +502,9 @@ def prelogout(): # Accept logout request and direct to hydra to remove cookies try: - hydra_return = logout_request.accept(subject=logout_request.subject) + hydra_return = hydra_admin_api.accept_logout_request(challenge) if hydra_return: - return redirect(hydra_return) + return redirect(hydra_return.redirect_to) except Exception as ex: current_app.logger.info("Error logging out hydra: %s", str(ex))