[airavata-django-portal] 02/04: Handle refresh token failure

[machristie]

This is an automated email from the ASF dual-hosted git repository.

machristie pushed a commit to branch staging
in repository https://gitbox.apache.org/repos/asf/airavata-django-portal.git

commit 5e515b7135b666751d3e33f4530c85f1f1be7a27
Author: Marcus Christie <machris...@apache.org>
AuthorDate: Sun Jul 18 15:23:22 2021 -0400

    Handle refresh token failure
---
 django_airavata/apps/auth/backends.py | 20 ++++++++++++++------
 1 file changed, 14 insertions(+), 6 deletions(-)

diff --git a/django_airavata/apps/auth/backends.py 
b/django_airavata/apps/auth/backends.py
index 349d4d2..91a9e7b 100644
--- a/django_airavata/apps/auth/backends.py
+++ b/django_airavata/apps/auth/backends.py
@@ -54,6 +54,8 @@ class KeycloakBackend(object):
                 logger.debug("Refreshing token...")
                 token, userinfo = \
                     self._get_token_and_userinfo_from_refresh_token(request)
+                if token is None:  # refresh failed
+                    return None
                 self._process_token(request, token)
                 # user is already logged in
                 user = request.user
@@ -63,6 +65,8 @@ class KeycloakBackend(object):
                 token, userinfo = \
                     self._get_token_and_userinfo_from_refresh_token(
                         request, refresh_token=refresh_token)
+                if token is None:  # refresh failed
+                    return None
                 self._process_token(request, token)
                 user = self._process_userinfo(request, userinfo)
                 access_token = token['access_token']
@@ -161,12 +165,16 @@ class KeycloakBackend(object):
         # refresh_token doesn't take client_secret kwarg, so create auth
         # explicitly
         auth = requests.auth.HTTPBasicAuth(client_id, client_secret)
-        token = oauth2_session.refresh_token(token_url=token_url,
-                                             refresh_token=refresh_token_,
-                                             auth=auth,
-                                             verify=verify)
-        userinfo = oauth2_session.get(userinfo_url).json()
-        return token, userinfo
+        try:
+            token = oauth2_session.refresh_token(token_url=token_url,
+                                                 refresh_token=refresh_token_,
+                                                 auth=auth,
+                                                 verify=verify)
+            userinfo = oauth2_session.get(userinfo_url).json()
+            return token, userinfo
+        except InvalidGrantError as e:
+            logger.warning(f"Failed to refresh token {refresh_token_}: {e}")
+            return None, None
 
     def _get_userinfo_from_token(self, request, token):
         client_id = settings.KEYCLOAK_CLIENT_ID