Skip to content

Commit

Permalink
Return error from profile endpoint if keycloak expired
Browse files Browse the repository at this point in the history
  • Loading branch information
matti-lamppu committed Dec 17, 2024
1 parent 647d848 commit 75ac386
Show file tree
Hide file tree
Showing 4 changed files with 36 additions and 3 deletions.
21 changes: 21 additions & 0 deletions tests/test_graphql_api/test_helsinki_profile/test_query.py
Original file line number Diff line number Diff line change
@@ -1,5 +1,7 @@
from __future__ import annotations

from typing import TYPE_CHECKING, Any

import pytest

from tilavarauspalvelu.utils.helauth.clients import HelsinkiProfileClient
Expand All @@ -12,6 +14,9 @@

from .helpers import profile_query

if TYPE_CHECKING:
from tilavarauspalvelu.typing import SessionMapping

# Applied to all tests
pytestmark = [
pytest.mark.django_db,
Expand Down Expand Up @@ -334,3 +339,19 @@ def test_helsinki_profile_data__query__unit_admin(graphql):
"firstName": profile_data["verifiedPersonalInformation"]["firstName"],
"lastName": profile_data["verifiedPersonalInformation"]["lastName"],
}


def test_helsinki_profile_data__query__keycloak_token_expired(graphql):
user = UserFactory.create(profile_id="foo", social_auth__extra_data__amr=ProfileLoginAMR.SUOMI_FI.value)
application = ApplicationFactory.create(user=user)

graphql.login_with_superuser()
query = profile_query(application_id=application.id)

def change_session(session: SessionMapping, **kwargs: Any) -> None:
session["keycloak_refresh_token_expired"] = True

with patch_method(HelsinkiProfileClient.get_user_profile_info, side_effect=change_session):
response = graphql(query)

assert response.error_message() == "Keycloak refresh token is expired. Please log out and back in again."
2 changes: 2 additions & 0 deletions tilavarauspalvelu/api/graphql/extensions/error_codes.py
Original file line number Diff line number Diff line change
Expand Up @@ -40,8 +40,10 @@
HELSINKI_PROFILE_APPLICATION_USER_NOT_FOUND = "HELSINKI_PROFILE_APPLICATION_USER_NOT_FOUND"
HELSINKI_PROFILE_RESERVATION_USER_MISSING = "HELSINKI_PROFILE_RESERVATION_USER_MISSING"
HELSINKI_PROFILE_RESERVATION_USER_NOT_FOUND = "HELSINKI_PROFILE_RESERVATION_USER_NOT_FOUND"
HELSINKI_PROFILE_USER_NOT_FOUND = "HELSINKI_PROFILE_USER_NOT_FOUND"
HELSINKI_PROFILE_TOKEN_INVALID = "HELSINKI_PROFILE_TOKEN_INVALID" # noqa: S105 # nosec # NOSONAR
HELSINKI_PROFILE_USER_MISSING_PROFILE_ID = "HELSINKI_PROFILE_USER_MISSING_PROFILE_ID"
HELSINKI_PROFILE_KEYCLOAK_REFRESH_TOKEN_EXPIRED = "HELSINKI_PROFILE_KEYCLOAK_REFRESH_TOKEN_EXPIRED" # noqa: S105 # nosec # NOSONAR

CANNOT_REJECT_APPLICATION_OPTIONS = "CANNOT_REJECT_APPLICATION_OPTIONS"
CANNOT_REJECT_SECTION_OPTIONS = "CANNOT_REJECT_SECTION_OPTIONS"
Expand Down
11 changes: 8 additions & 3 deletions tilavarauspalvelu/api/graphql/schema.py
Original file line number Diff line number Diff line change
Expand Up @@ -216,9 +216,14 @@ class Query(graphene.ObjectType):
)
profile_data = Field(
HelsinkiProfileDataNode,
reservation_id=graphene.Int(),
application_id=graphene.Int(),
description="Get information about the user, using Helsinki profile if necessary.",
reservation_id=graphene.Int(description="View profile data for this reservation user."),
application_id=graphene.Int(description="View profile data for this application user."),
description=(
"Get information about a user from Helsinki profile. "
"If user is not a profile user, still return known information. "
"Use only one of 'user_id', 'reservation_id' or 'application_id' to determine what user to get data for. "
"This determined required permissions to view the user's info."
),
)
#
# Misc.
Expand Down
5 changes: 5 additions & 0 deletions tilavarauspalvelu/api/graphql/types/helsinki_profile/types.py
Original file line number Diff line number Diff line change
Expand Up @@ -91,6 +91,11 @@ def get_data(
session=info.context.session,
fields=fields,
)
if info.context.session.get("keycloak_refresh_token_expired", False):
msg = "Keycloak refresh token is expired. Please log out and back in again."
extensions = {"code": error_codes.HELSINKI_PROFILE_KEYCLOAK_REFRESH_TOKEN_EXPIRED}
raise GraphQLError(msg, extensions=extensions)

if data is None:
msg = "Helsinki profile token is not valid and could not be refreshed."
extensions = {"code": error_codes.HELSINKI_PROFILE_TOKEN_INVALID}
Expand Down

0 comments on commit 75ac386

Please sign in to comment.