From f6384042c3d2af7d0ad55244d734a2a2bffc72a5 Mon Sep 17 00:00:00 2001
From: Mark <mark@openappstack.net>
Date: Tue, 12 Nov 2019 14:46:51 +0100
Subject: [PATCH] Raise HTTPError when backend connection fails

---
 consent_provider/app.py | 11 ++++++++++-
 consent_provider/db.py  | 15 +++++++++------
 2 files changed, 19 insertions(+), 7 deletions(-)

diff --git a/consent_provider/app.py b/consent_provider/app.py
index 75125f3..40d9de2 100644
--- a/consent_provider/app.py
+++ b/consent_provider/app.py
@@ -3,6 +3,7 @@ from flask.views import View
 from os import urandom, environ
 from hydra_client import HydraAdmin
 from db import User
+import urllib
 
 HYDRA_ADMIN_URL = environ['HYDRA_ADMIN_URL']
 
@@ -17,7 +18,15 @@ def home():
     consent_request = hydra.consent_request(challenge)
     app_name = consent_request.client["client_name"]
     username = consent_request.subject
-    user = User(username)
+    try:
+        user = User(username)
+    except urllib.error.HTTPError as e:
+        # TODO: replace with propper logging via logger
+        print("Retrieving user object from GraphQL server failed")
+        print(e)
+        return redirect(consent_request.reject(
+            "Permission denied",
+            error_description="Login request was denied due to an internal server error"))
     access_granted = user.has_app_permission(app_name)
     if access_granted:
         session = user.get_oauth_session()
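Review bot: The `except urllib.error.HTTPError` clause does not cover the failure named in the commit subject: urllib reports a refused connection, a DNS failure or a timeout as `urllib.error.URLError`, the parent class. Such an error skips this handler and the request ends in an unhandled exception rather than a rejected consent request. Catching the parent with `except urllib.error.URLError as e:` covers both cases, assuming the GraphQL client uses urllib underneath, which the patch implies but does not show. The handler also relies on the bare `import urllib` making `urllib.error` available, which only holds if some other module has already imported that submodule; `import urllib.error` here and in db.py makes it explicit. home() starts and continues outside this hunk.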
diff --git a/consent_provider/db.py b/consent_provider/db.py
index 903b245..6e9f020 100644
--- a/consent_provider/db.py
+++ b/consent_provider/db.py
@@ -1,6 +1,7 @@
 from os import environ
 from hydra_client import HydraAdmin
 from graphqlclient import GraphQLClient
+import urllib
 import json
 
 GRAPHQL_URL = environ['GRAPHQL_URL']
@@ -10,7 +11,10 @@ GRAPHQL_CLIENT = GraphQLClient(GRAPHQL_URL)
 class User():
     def __init__(self, username):
         self.username = username
-        self._load_remote_user_info()
+        try:
+            self._load_remote_user_info()
+        except urllib.error.HTTPError as e:
+            raise e
 
     def _load_remote_user_info(self):
         querystring = '''{{
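Review bot: The added `try` / `except urllib.error.HTTPError as e: raise e` in `__init__` does not change what propagates; the exception would reach the caller without it. Either keep the plain `self._load_remote_user_info()` call, or have the wrapper raise a module-specific exception with `raise ... from e` so that app.py does not need to know which HTTP library db.py uses. If the re-raise stays as is, a bare `raise` is the idiomatic form. `_load_remote_user_info` begins in this hunk and continues outside it.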
@@ -25,11 +29,10 @@ class User():
             }}
             }}}}'''.format(self.username)
         result = json.loads(GRAPHQL_CLIENT.execute(querystring))
-        if "data" in result:
-            data = result["data"]["getUser"]
-            self.applications = list(map(lambda x: x["node"]["name"],
-                                         data["applications"]["edges"]))
-            self.email = data["email"]
+        data = result["data"]["getUser"]
+        self.applications = list(map(lambda x: x["node"]["name"],
+                                     data["applications"]["edges"]))
+        self.email = data["email"]
 
     def has_app_permission(self, appname):
         return appname in self.applications
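Review bot: With the `"data" in result` guard removed, a response without usable `data` now fails at `result["data"]["getUser"]` with `KeyError` or `TypeError`, and neither is caught by the `urllib.error.HTTPError` handler added in app.py. GraphQL servers commonly report query-level errors in an `errors` field of an otherwise successful HTTP response, and an unknown user would presumably come back as a null `getUser`, so these cases probably bypass the clean reject path. An explicit check such as `data = (result.get("data") or {}).get("getUser")` followed by `if data is None:` raising an exception that home() handles would keep the rejection deliberate. Separately, the username is still interpolated into the query with `.format(self.username)` in the context lines; passing it as a query variable, if the client supports that, keeps it from being parsed as query syntax. `_load_remote_user_info` starts outside this hunk.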
-- 
GitLab