From e776fa67e6122314617e4dcd431746a6e73f0cb2 Mon Sep 17 00:00:00 2001 From: James Robinson Date: Wed, 14 Feb 2024 15:21:53 +0000 Subject: [PATCH 1/2] :loud_sound: Improve error messages on backend failure. --- apricot/apricot_server.py | 2 +- apricot/oauth/oauth_client.py | 49 +++++++++++++++++++++++------------ run.py | 8 +++--- 3 files changed, 38 insertions(+), 21 deletions(-) diff --git a/apricot/apricot_server.py b/apricot/apricot_server.py index 4d3978d..0cca36c 100644 --- a/apricot/apricot_server.py +++ b/apricot/apricot_server.py @@ -32,7 +32,7 @@ def __init__( **kwargs, ) except Exception as exc: - msg = f"Could not construct an OAuth client for the '{backend}' backend." + msg = f"Could not construct an OAuth client for the '{backend}' backend.\n{exc!s}" raise ValueError(msg) from exc # Create an LDAPServerFactory diff --git a/apricot/oauth/oauth_client.py b/apricot/oauth/oauth_client.py index 3f1f24b..d3dcdb3 100644 --- a/apricot/oauth/oauth_client.py +++ b/apricot/oauth/oauth_client.py 
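Review bot: Appending `{exc!s}` under a bare `except Exception` puts whatever text the failing call produced into the operator-facing message, and the same pattern recurs in the three handlers added to apricot/oauth/oauth_client.py and in the run.py handler that finally prints it. The client is constructed from `**kwargs`, which presumably include the client secret, and the token request can fail with text taken from the endpoint's response, so it is worth confirming that none of these paths echoes credentials or response bodies into stdout or collected logs. If that cannot be ruled out, appending only the type, `msg = f"Could not construct an OAuth client for the '{backend}' backend ({type(exc).__name__})."`, keeps the message useful while `from exc` still carries the detail. The enclosing `__init__` begins and ends outside the hunk.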
@@ -33,25 +33,40 @@ def __init__( # this, but Requests-OAuthlib raises exception on scope mismatch by default.) os.environ["OAUTHLIB_RELAX_TOKEN_SCOPE"] = "1" # noqa: S105 os.environ["OAUTHLIB_IGNORE_SCOPE_CHANGE"] = "1" - # OAuth client that uses application credentials - self.session_application = OAuth2Session( - client=BackendApplicationClient( - client_id=client_id, scope=scopes, redirect_uri=redirect_uri + + try: + # OAuth client that uses application credentials + self.session_application = OAuth2Session( + client=BackendApplicationClient( + client_id=client_id, scope=scopes, redirect_uri=redirect_uri + ) ) - ) - # OAuth client that uses delegated credentials - self.session_interactive = OAuth2Session( - client=LegacyApplicationClient( - client_id=client_id, scope=scopes, redirect_uri=redirect_uri + except Exception as exc: + msg = f"Failed to initialise application credential client.\n{exc!s}" + raise RuntimeError(msg) from exc + + try: + # OAuth client that uses delegated credentials + self.session_interactive = OAuth2Session( + client=LegacyApplicationClient( + client_id=client_id, scope=scopes, redirect_uri=redirect_uri + ) ) - ) - # Request a new bearer token - json_response = self.session_application.fetch_token( - token_url=self.token_url, - client_id=self.session_application._client.client_id, - client_secret=self.client_secret, - ) - self.bearer_token = self.extract_token(json_response) + except Exception as exc: + msg = f"Failed to initialise delegated credential client.\n{exc!s}" + raise RuntimeError(msg) from exc + + try: + # Request a new bearer token + json_response = self.session_application.fetch_token( + token_url=self.token_url, + client_id=self.session_application._client.client_id, + client_secret=self.client_secret, + ) + self.bearer_token = self.extract_token(json_response) + except Exception as exc: + msg = f"Failed to fetch bearer token from OAuth endpoint.\n{exc!s}" + raise RuntimeError(msg) from exc @abstractmethod def 
extract_token(self, json_response: JSONDict) -> str: diff --git a/run.py b/run.py index 466958a..e1eeb6b 100644 --- a/run.py +++ b/run.py @@ -1,4 +1,5 @@ import argparse +import sys from apricot import ApricotServer from apricot.oauth import OAuthBackend @@ -23,9 +24,10 @@ # Create the Apricot server reactor = ApricotServer(**vars(args)) - except Exception: - msg = "Unable to initialise Apricot server from provided command line arguments." - raise ValueError(msg) + except Exception as exc: + msg = f"Unable to initialise Apricot server from provided command line arguments.\n{str(exc)}" + print(msg) + sys.exit(1) # Run the Apricot server reactor.run() From fab356bac8e451c8d8de3889add735123d32171e Mon Sep 17 00:00:00 2001 From: James Robinson Date: Wed, 14 Feb 2024 15:39:27 +0000 Subject: [PATCH 2/2] :loud_sound: Better logging of factory type --- apricot/ldap/oauth_ldap_server_factory.py | 3 +++ apricot/ldap/oauth_ldap_tree.py | 3 +++ 2 files changed, 6 insertions(+) diff --git a/apricot/ldap/oauth_ldap_server_factory.py b/apricot/ldap/oauth_ldap_server_factory.py index 9794d1c..333eda8 100644 --- a/apricot/ldap/oauth_ldap_server_factory.py +++ b/apricot/ldap/oauth_ldap_server_factory.py @@ -19,6 +19,9 @@ def __init__(self, oauth_client: OAuthClient): # Create an LDAP lookup tree self.adaptor = OAuthLDAPTree(oauth_client) + def __repr__(self) -> str: + return f"{self.__class__.__name__} using adaptor {self.adaptor}" + def buildProtocol(self, addr: IAddress) -> Protocol: # noqa: N802 """ Create an LDAPServer instance. diff --git a/apricot/ldap/oauth_ldap_tree.py b/apricot/ldap/oauth_ldap_tree.py index 11adfd8..aa81313 100644 --- a/apricot/ldap/oauth_ldap_tree.py +++ b/apricot/ldap/oauth_ldap_tree.py 
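Review bot: The last `try` in the apricot/oauth/oauth_client.py hunk covers `self.extract_token(json_response)` as well as `fetch_token`, so a token response that arrived but could not be parsed is reported as "Failed to fetch bearer token from OAuth endpoint", which sends whoever is diagnosing an authentication outage to the network and credentials rather than to the response shape. Narrowing that `try` to the `fetch_token` call and giving the extraction its own handler with its own message keeps the two failures apart; the cause stays attached through `from exc`. What `extract_token` raises is not visible here because it is abstract, and `__init__` begins outside the hunk.

```python
        # … unchanged: try/except around self.session_application.fetch_token(...) …

        try:
            self.bearer_token = self.extract_token(json_response)
        except Exception as exc:
            msg = "Failed to extract bearer token from OAuth response."
            raise RuntimeError(msg) from exc
```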
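Review bot: In the second run.py hunk, `print(msg)` sends the startup failure to stdout and `sys.exit(1)` then drops the exception chain that the `raise ... from exc` sites elsewhere in this patch preserve, so the only record of the failure is text on the stream normally treated as program output. `sys.exit(msg)` writes the message to stderr and exits with status 1 in a single call; if the server runs under a supervisor, logging the exception before exiting would also keep the traceback. The handler uses `{str(exc)}` where the other hunks use `{exc!s}`. The `try` this handler belongs to opens outside the hunk.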
@@ -37,6 +37,9 @@ def __init__(self, oauth_client: OAuthClient) -> None: for user_attrs in self.oauth_client.users(): users_ou.add_child(f"CN={user_attrs['name'][0]}", user_attrs) + def __repr__(self) -> str: + return f"{self.__class__.__name__} with backend {self.oauth_client.__class__.__name__}" + def build_root(self, dn: str, attributes: LDAPAttributeDict) -> OAuthLDAPEntry: """ Construct the root of the LDAP tree
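Review bot: The `__repr__` added to OAuthLDAPTree has no comment recording why it prints only `self.oauth_client.__class__.__name__`, and since this string is intended for log output that restraint matters: the client object carries `client_secret` (visible in apricot/oauth/oauth_client.py), so a later edit that interpolates `{self.oauth_client}` could expose it if the client ever gains a field-dumping repr. A one-line comment above the return, such as `# Log the backend class name only; the client object holds credentials.`, would make the intent explicit. The neighbouring methods in both files carry docstrings, so a short docstring on each new `__repr__` would also match the surrounding style.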