Return error from profile endpoint if keycloak expired

tests/test_graphql_api/test_helsinki_profile/test_query.py

@@ -1,5 +1,7 @@
 from __future__ import annotations
 
+from typing import TYPE_CHECKING, Any
+
 import pytest
 
 from tilavarauspalvelu.utils.helauth.clients import HelsinkiProfileClient
@@ -12,6 +14,9 @@
 
 from .helpers import profile_query
 
+if TYPE_CHECKING:
+    from tilavarauspalvelu.typing import SessionMapping
+
 # Applied to all tests
 pytestmark = [
     pytest.mark.django_db,
@@ -334,3 +339,19 @@ def test_helsinki_profile_data__query__unit_admin(graphql):
         "firstName": profile_data["verifiedPersonalInformation"]["firstName"],
         "lastName": profile_data["verifiedPersonalInformation"]["lastName"],
     }
+
+
+def test_helsinki_profile_data__query__keycloak_token_expired(graphql):
+    user = UserFactory.create(profile_id="foo", social_auth__extra_data__amr=ProfileLoginAMR.SUOMI_FI.value)
+    application = ApplicationFactory.create(user=user)
+
+    graphql.login_with_superuser()
+    query = profile_query(application_id=application.id)
+
+    def change_session(session: SessionMapping, **kwargs: Any) -> None:
+        session["keycloak_refresh_token_expired"] = True
+
+    with patch_method(HelsinkiProfileClient.get_user_profile_info, side_effect=change_session):
+        response = graphql(query)
+
+    assert response.error_message() == "Keycloak refresh token is expired. Please log out and back in again."

tilavarauspalvelu/api/graphql/extensions/error_codes.py

@@ -40,8 +40,10 @@
 HELSINKI_PROFILE_APPLICATION_USER_NOT_FOUND = "HELSINKI_PROFILE_APPLICATION_USER_NOT_FOUND"
 HELSINKI_PROFILE_RESERVATION_USER_MISSING = "HELSINKI_PROFILE_RESERVATION_USER_MISSING"
 HELSINKI_PROFILE_RESERVATION_USER_NOT_FOUND = "HELSINKI_PROFILE_RESERVATION_USER_NOT_FOUND"
+HELSINKI_PROFILE_USER_NOT_FOUND = "HELSINKI_PROFILE_USER_NOT_FOUND"
 HELSINKI_PROFILE_TOKEN_INVALID = "HELSINKI_PROFILE_TOKEN_INVALID"  # noqa: S105 # nosec # NOSONAR
 HELSINKI_PROFILE_USER_MISSING_PROFILE_ID = "HELSINKI_PROFILE_USER_MISSING_PROFILE_ID"
+HELSINKI_PROFILE_KEYCLOAK_REFRESH_TOKEN_EXPIRED = "HELSINKI_PROFILE_KEYCLOAK_REFRESH_TOKEN_EXPIRED"  # noqa: S105 # nosec # NOSONAR
 
 CANNOT_REJECT_APPLICATION_OPTIONS = "CANNOT_REJECT_APPLICATION_OPTIONS"
 CANNOT_REJECT_SECTION_OPTIONS = "CANNOT_REJECT_SECTION_OPTIONS"

tilavarauspalvelu/api/graphql/schema.py

@@ -216,9 +216,14 @@ class Query(graphene.ObjectType):
     )
     profile_data = Field(
         HelsinkiProfileDataNode,
-        reservation_id=graphene.Int(),
-        application_id=graphene.Int(),
-        description="Get information about the user, using Helsinki profile if necessary.",
+        reservation_id=graphene.Int(description="View profile data for this reservation user."),
+        application_id=graphene.Int(description="View profile data for this application user."),
+        description=(
+            "Get information about a user from Helsinki profile. "
+            "If user is not a profile user, still return known information. "
+            "Use only one of 'user_id', 'reservation_id' or 'application_id' to determine what user to get data for. "
+            "This determined required permissions to view the user's info."
+        ),
     )
     #
     # Misc.

tilavarauspalvelu/api/graphql/types/helsinki_profile/types.py

@@ -91,6 +91,11 @@ def get_data(
             session=info.context.session,
             fields=fields,
         )
+        if info.context.session.get("keycloak_refresh_token_expired", False):
+            msg = "Keycloak refresh token is expired. Please log out and back in again."
+            extensions = {"code": error_codes.HELSINKI_PROFILE_KEYCLOAK_REFRESH_TOKEN_EXPIRED}
+            raise GraphQLError(msg, extensions=extensions)
+
         if data is None:
             msg = "Helsinki profile token is not valid and could not be refreshed."
             extensions = {"code": error_codes.HELSINKI_PROFILE_TOKEN_INVALID}