From a400a20ee88eb034150b9ec646191e0f872c8142 Mon Sep 17 00:00:00 2001
From: Francois Blackburn
Date: Wed, 17 Jul 2024 13:12:53 -0400
Subject: [PATCH] add tenant_uuid to Unauthorized exception why: we are now verifying tenant and scope at the same time, so both can trigger a 403
---
 xivo/auth_verifier.py | 6 +++++-
 xivo/http_exceptions.py | 16 ++++++++++++----
 2 files changed, 17 insertions(+), 5 deletions(-)
diff --git a/xivo/auth_verifier.py b/xivo/auth_verifier.py
index b5938eb..27254ff 100644
--- a/xivo/auth_verifier.py
+++ b/xivo/auth_verifier.py
@@ -82,7 +82,11 @@ def validate_token(
 except exceptions.InvalidTokenException:
 raise InvalidTokenAPIException(token_uuid, required_acl)
 except exceptions.MissingPermissionsTokenException:
- raise MissingPermissionsTokenAPIException(token_uuid, required_acl)
+ raise MissingPermissionsTokenAPIException(
+ token_uuid,
+ required_acl,
+ tenant_uuid,
+ )
 except requests.RequestException as error:
 raise AuthServerUnreachable(auth_client.host, auth_client.port, error)
diff --git a/xivo/http_exceptions.py b/xivo/http_exceptions.py
index 59d0a4c..f196229 100644
--- a/xivo/http_exceptions.py
+++ b/xivo/http_exceptions.py
@@ -35,10 +35,18 @@ def __init__(self, token: str, required_access: str | None = None) -> None:
 class MissingPermissionsTokenAPIException(rest_api_helpers.APIException):
- def __init__(self, token: str, required_access: str | None = None) -> None:
- details = {'invalid_token': token, 'reason': 'missing_permission'}
- if required_access:
- details['required_access'] = required_access
+ def __init__(
+ self,
+ token: str,
+ required_access: str | None,
+ tenant_uuid: str | None,
+ ) -> None:
+ details = {
+ 'invalid_token': token,
+ 'reason': 'missing_permission_or_invalid_tenant',
+ 'required_access': required_access,
+ 'tenant_uuid': tenant_uuid,
+ }
 super().__init__(
 status_code=401,
 message='Unauthorized',
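Review bot: The three arguments to `MissingPermissionsTokenAPIException` in the `except exceptions.MissingPermissionsTokenException` branch are passed positionally, and all three are plain strings, so a swapped order would put the token in the tenant field of the error details without raising anything. Passing the last two by keyword, `required_access=required_acl,` and `tenant_uuid=tenant_uuid,`, keeps the response details correct if the constructor changes again. `tenant_uuid` is assigned outside the hunk (validate_token starts above it), so whether it can be None here cannot be seen from these lines; if it can, a short comment such as `# tenant_uuid is None when the caller did not request a tenant` would help.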
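Review bot: The new `__init__` signature drops the `= None` default on `required_access` and adds `tenant_uuid` without one, so any caller outside this patch that still passes one or two arguments would raise a TypeError while handling an authorization failure, which would likely surface as a 500 instead of the intended denial. Keeping both optional, `required_access: str | None = None,` and `tenant_uuid: str | None = None,`, preserves the old call forms. The details dict now always carries `required_access` and `tenant_uuid`, even when they are None, and the `reason` string changed, so clients that match on `'missing_permission'` or on the absence of the key need a changelog note. The commit message speaks of a 403 while the context lines still pass `status_code=401`; the `super().__init__` call continues outside the hunk, so it is worth confirming which status is intended.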