fix http error codes (#37)
dsschult authored Oct 28, 2022
1 parent dd16107 commit ae9bbc6
Showing 4 changed files with 50 additions and 49 deletions.
38 changes: 19 additions & 19 deletions user_mgmt/groups.py
Expand Up @@ -59,13 +59,13 @@ async def get(self, group_id):
try:
group = await self.group_cache.get_group_info_from_id(group_id)
except Exception:
raise HTTPError(404, 'group does not exist')
raise HTTPError(404, reason='group does not exist')

if group['name'].startswith('_'):
raise HTTPError(400, 'bad group request')
raise HTTPError(400, reason='bad group request')
admin_groups = await self.get_admin_groups()
if not is_authorized_group(group['path'], admin_groups):
raise HTTPError(403, 'invalid authorization')
raise HTTPError(403, reason='invalid authorization')

ret = await self.group_cache.get_members(group['path'])
self.write(sorted(ret))
Expand All @@ -87,18 +87,18 @@ async def put(self, group_id, username):
try:
group = await self.group_cache.get_group_info_from_id(group_id)
except Exception:
raise HTTPError(404, 'group does not exist')
raise HTTPError(404, reason='group does not exist')

if group['name'].startswith('_'):
raise HTTPError(400, 'bad group request')
raise HTTPError(400, reason='bad group request')
admin_groups = await self.get_admin_groups()
if not is_authorized_group(group['path'], admin_groups):
raise HTTPError(403, 'invalid authorization')
raise HTTPError(403, reason='invalid authorization')

try:
await self.user_cache.get_user(username)
except Exception:
raise HTTPError(404, 'username does not exist')
raise HTTPError(404, reason='username does not exist')

await krs.groups.add_user_group(group['path'], username, rest_client=self.krs_client)
self.group_cache.invalidate(group['path'])
Expand All @@ -119,18 +119,18 @@ async def delete(self, group_id, username):
try:
group = await self.group_cache.get_group_info_from_id(group_id)
except Exception:
raise HTTPError(404, 'group does not exist')
raise HTTPError(404, reason='group does not exist')

if group['name'].startswith('_'):
raise HTTPError(400, 'bad group request')
raise HTTPError(400, reason='bad group request')
admin_groups = await self.get_admin_groups()
if not is_authorized_group(group['path'], admin_groups):
raise HTTPError(403, 'invalid authorization')
raise HTTPError(403, reason='invalid authorization')

try:
await self.user_cache.get_user(username)
except Exception:
raise HTTPError(404, 'username does not exist')
raise HTTPError(404, reason='username does not exist')

await krs.groups.remove_user_group(group['path'], username, rest_client=self.krs_client)
self.group_cache.invalidate(group['path'])
Expand All @@ -153,13 +153,13 @@ async def post(self):
approval_data['id'] = uuid.uuid1().hex

if approval_data['group'].rsplit('/')[-1].startswith('_'):
raise HTTPError(400, 'bad group request')
raise HTTPError(400, reason='bad group request')

ret = await self.group_cache.list_groups()
groups = get_administered_groups(ret)
if approval_data['group'] not in groups:
logging.info(f'{approval_data}\n{groups}')
raise HTTPError(400, 'bad group request')
raise HTTPError(400, reason='bad group request')
approval_data['group_id'] = groups[approval_data['group']]

await self.db.group_approvals.insert_one(approval_data)
Expand Down Expand Up @@ -206,9 +206,9 @@ async def post(self, approval_id):
admin_groups = await self.get_admin_groups()
ret = await self.db.group_approvals.find_one({'id': approval_id})
if not ret:
raise HTTPError(404, 'no record for approval_id')
raise HTTPError(404, reason='no record for approval_id')
if not is_authorized_group(ret['group'], admin_groups):
raise HTTPError(403, 'invalid authorization')
raise HTTPError(403, reason='invalid authorization')

audit_logger.info(f'{self.auth_data["username"]} is approving request {approval_id}')

Expand All @@ -224,7 +224,7 @@ async def post(self, approval_id):
try:
args = await self.user_cache.get_user(ret['username'])
except Exception:
raise HTTPError(400, 'invalid username')
raise HTTPError(400, reason='invalid username')
krs.email.send_email(
recipient={'name': f'{args["firstName"]} {args["lastName"]}', 'email': args['email']},
subject='IceCube Group Request Approved',
Expand All @@ -251,9 +251,9 @@ async def post(self, approval_id):
admin_groups = await self.get_admin_groups()
ret = await self.db.group_approvals.find_one({'id': approval_id})
if not ret:
raise HTTPError(404, 'no record for approval_id')
raise HTTPError(404, reason='no record for approval_id')
if not is_authorized_group(ret['group'], admin_groups):
raise HTTPError(403, 'invalid authorization')
raise HTTPError(403, reason='invalid authorization')

audit_logger.info(f'{self.auth_data["username"]} is denying request {approval_id}')
await self.db.group_approvals.delete_one({'id': approval_id})
Expand All @@ -263,7 +263,7 @@ async def post(self, approval_id):
try:
args = await self.user_cache.get_user(ret['username'])
except Exception:
raise HTTPError(400, 'invalid username')
raise HTTPError(400, reason='invalid username')
krs.email.send_email(
recipient={'name': f'{args["firstName"]} {args["lastName"]}', 'email': args['email']},
subject='IceCube Group Request Denied',
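Review bot: Moving the text into `reason=` drops it from the server log: Tornado's `HTTPError` only logs its positional `log_message` (through `RequestHandler.log_exception`), while `reason` is sent to the client as the status-line phrase and in the default error body, so the `except Exception:` branches in the `get`, `put` and `delete` hunks (`raise HTTPError(404, reason='group does not exist')` and `'username does not exist'`) now leave no record of which id failed or what the underlying lookup raised, and a backend outage is indistinguishable from a missing group. Keep a log message next to the reason, e.g. `raise HTTPError(404, 'group %s lookup failed', group_id, reason='group does not exist') from None`, and keep `reason` a constant string rather than interpolating request data into it, since it is written into the HTTP status line. Narrowing the catch to the lookup's not-found exception would also stop transport errors from being reported as 404, if that exception type is available. The same pattern applies to the `except Exception:` raises in insts.py and users.py. Each enclosing handler starts before its hunk and continues past it.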
44 changes: 22 additions & 22 deletions user_mgmt/insts.py
Expand Up @@ -68,7 +68,7 @@ async def get(self, experiment, institution):
try:
group_info = await krs.groups.group_info(inst_group, rest_client=self.krs_client)
except Exception:
raise HTTPError(404, 'institution does not exist')
raise HTTPError(404, reason='institution does not exist')

ret = {
'subgroups': [child['name'] for child in group_info['subGroups'] if not child['name'].startswith('_')]
Expand Down Expand Up @@ -114,15 +114,15 @@ async def get(self, experiment, institution):
"""
insts = await self.get_admin_institutions()
if experiment not in insts or institution not in insts[experiment]:
raise HTTPError(403, 'invalid authorization')
raise HTTPError(403, reason='invalid authorization')

inst_group = f'/institutions/{experiment}/{institution}'

# get child groups
try:
group_info = await krs.groups.group_info(inst_group, rest_client=self.krs_client)
except Exception:
raise HTTPError(404, 'institution does not exist')
raise HTTPError(404, reason='institution does not exist')

# get main membership
ret = {}
Expand Down Expand Up @@ -155,20 +155,20 @@ async def put(self, experiment, institution, username):
"""
insts = await self.get_admin_institutions()
if experiment not in insts or institution not in insts[experiment]:
raise HTTPError(403, 'invalid authorization')
raise HTTPError(403, reason='invalid authorization')

try:
await self.user_cache.get_user(username)
except Exception:
raise HTTPError(400, 'invalid username')
raise HTTPError(400, reason='invalid username')

inst_group = f'/institutions/{experiment}/{institution}'

# get child groups
try:
group_info = await krs.groups.group_info(inst_group, rest_client=self.krs_client)
except Exception:
raise HTTPError(404, 'institution does not exist')
raise HTTPError(404, reason='institution does not exist')
child_groups = [child['name'] for child in group_info['subGroups'] if not child['name'].startswith('_')]

opt_fields = {key: bool for key in child_groups}
Expand Down Expand Up @@ -200,18 +200,18 @@ async def delete(self, experiment, institution, username):
inst_group = f'/institutions/{experiment}/{institution}'
insts = await self.get_admin_institutions()
if (experiment not in insts or institution not in insts[experiment]) and inst_group not in self.auth_data['groups']:
raise HTTPError(403, 'invalid authorization')
raise HTTPError(403, reason='invalid authorization')

try:
await self.user_cache.get_user(username)
except Exception:
raise HTTPError(400, 'invalid username')
raise HTTPError(400, reason='invalid username')

# get child groups
try:
group_info = await krs.groups.group_info(inst_group, rest_client=self.krs_client)
except Exception:
raise HTTPError(404, 'institution does not exist')
raise HTTPError(404, reason='institution does not exist')
child_groups = [child['name'] for child in group_info['subGroups'] if not child['name'].startswith('_')]

await krs.groups.remove_user_group(inst_group, username, rest_client=self.krs_client)
Expand Down Expand Up @@ -269,18 +269,18 @@ async def post(self):

# check if username is valid
if not Username._username_valid(username):
raise HTTPError(400, 'invalid username')
raise HTTPError(400, reason='invalid username')

# check for existing username
ret = await self.db.inst_approvals.find_one({"username": username})
if ret:
raise HTTPError(400, 'invalid username')
raise HTTPError(400, reason='invalid username')
try:
await krs.users.user_info(username, rest_client=self.krs_client)
except krs.users.UserDoesNotExist:
pass # username is available
else:
raise HTTPError(400, 'invalid username')
raise HTTPError(400, reason='invalid username')

user_data = {
'id': uuid.uuid1().hex,
Expand Down Expand Up @@ -327,7 +327,7 @@ async def get(self):
"""Get list of requests a user can approve"""
insts = await self.get_admin_institutions()
if not insts:
raise HTTPError(403, 'invalid authorization')
raise HTTPError(403, reason='invalid authorization')

search = {'$or': [{'experiment': exp, 'institution': inst} for exp in insts for inst in insts[exp]]}
ret = []
Expand All @@ -354,7 +354,7 @@ async def get(self, experiment, institution):
"""
insts = await self.get_admin_institutions()
if experiment not in insts or institution not in insts[experiment]:
raise HTTPError(403, 'invalid authorization')
raise HTTPError(403, reason='invalid authorization')

search = {'experiment': experiment, 'institution': institution}
ret = []
Expand All @@ -381,9 +381,9 @@ async def post(self, approval_id):
insts = await self.get_admin_institutions()
ret = await self.db.inst_approvals.find_one({'id': approval_id})
if not ret:
raise HTTPError(404, 'no record for approval_id')
raise HTTPError(404, reason='no record for approval_id')
if not any(ret['experiment'] == exp and ret['institution'] in insts[exp] for exp in insts):
raise HTTPError(403, 'invalid authorization')
raise HTTPError(403, reason='invalid authorization')

newuser = 'newuser' in ret and ret['newuser']

Expand All @@ -392,7 +392,7 @@ async def post(self, approval_id):
# create new user account
user_data = await self.db.user_registrations.find_one({'id': ret['newuser']})
if not user_data:
raise HTTPError(400, 'invalid new user')
raise HTTPError(400, reason='invalid new user')
args = {
"username": user_data['username'],
"first_name": user_data['first_name'],
Expand Down Expand Up @@ -489,7 +489,7 @@ async def post(self, approval_id):
try:
args = await self.user_cache.get_user(ret['username'])
except Exception:
raise HTTPError(400, 'invalid username')
raise HTTPError(400, reason='invalid username')
krs.email.send_email(
recipient={'name': f'{args["firstName"]} {args["lastName"]}', 'email': args['email']},
subject='IceCube Account Institution Changes',
Expand Down Expand Up @@ -517,17 +517,17 @@ async def post(self, approval_id):
insts = await self.get_admin_institutions()
ret = await self.db.inst_approvals.find_one({'id': approval_id})
if not ret:
raise HTTPError(404, 'no record for approval_id')
raise HTTPError(404, reason='no record for approval_id')
if not any(ret['experiment'] == exp and ret['institution'] in insts[exp] for exp in insts):
raise HTTPError(403, 'invalid authorization')
raise HTTPError(403, reason='invalid authorization')

newuser = 'newuser' in ret and ret['newuser']

audit_logger.info(f'{self.auth_data["username"]} is denying request {approval_id}')
if newuser:
user_data = await self.db.user_registrations.find_one({'id': ret['newuser']})
if not user_data:
raise HTTPError(400, 'invalid new user')
raise HTTPError(400, reason='invalid new user')
await self.db.user_registrations.delete_one({'id': ret['newuser']})
await self.db.inst_approvals.delete_one({'id': approval_id})

Expand All @@ -544,7 +544,7 @@ async def post(self, approval_id):
try:
args = await self.user_cache.get_user(ret['username'])
except Exception:
raise HTTPError(400, 'invalid username')
raise HTTPError(400, reason='invalid username')
krs.email.send_email(
recipient={'name': f'{args["firstName"]} {args["lastName"]}', 'email': args['email']},
subject='IceCube Account Request Denied',
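Review bot: The status code for a username that does not resolve is still inconsistent after this commit: the `put` and `delete` hunks map a failed `self.user_cache.get_user(username)` to `HTTPError(400, reason='invalid username')`, whereas the same branch in groups.py raises 404 `'username does not exist'` and users.py raises 404 `'invalid username'`. Since the commit's purpose is to fix error codes, one code for this condition across the three files would be expected; 404 is what the other two files use for a path-parameter user that is not found, e.g. `raise HTTPError(404, reason='invalid username')`. The `except Exception:` around `krs.groups.group_info` in the same hunks likewise turns any transport failure into 404 `'institution does not exist'`; the `post` hunk already distinguishes `krs.users.UserDoesNotExist` for user lookups, which suggests a narrower catch may be available — worth confirming what `group_info` raises. Each enclosing handler starts before its hunk.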
1 change: 1 addition & 0 deletions user_mgmt/static/routes/register.js
Expand Up @@ -81,6 +81,7 @@ export default {
if (orig_username != resp.data['username'] && this.username == orig_username) {
this.username = resp.data['username']
}
this.errMessage = ''
return true
} catch(error) {
console.log(error)
16 changes: 8 additions & 8 deletions user_mgmt/users.py
Original file line number Diff line number Diff line change
Expand Up @@ -109,15 +109,15 @@ async def post(self):
break
number += 1
else:
raise HTTPError(500, 'cannot generate unique username')
raise HTTPError(500, reason='cannot generate unique username')
else:
# make sure username passes filters
if not self._username_valid(username):
raise HTTPError(400, 'invalid username')
raise HTTPError(400, reason='invalid username')

# make sure username does not exist
if await self._username_in_use(username):
raise HTTPError(400, 'username in use')
raise HTTPError(400, reason='username in use')

self.write({'username': username})

Expand All @@ -140,7 +140,7 @@ async def check_auth(self, username):
members = await self.group_cache.get_members(group_path)
if username in members:
return
raise HTTPError(403, 'invalid authorization')
raise HTTPError(403, reason='invalid authorization')


class MultiUser(UserBase):
Expand All @@ -164,7 +164,7 @@ async def get(self):
try:
user_info = await self.user_cache.get_user(username)
except Exception:
raise HTTPError(404, 'invalid username')
raise HTTPError(404, reason='invalid username')
logging.info('valid username')

profile = {}
Expand Down Expand Up @@ -199,7 +199,7 @@ async def get(self, username):
try:
user_info = await self.user_cache.get_user(username)
except Exception:
raise HTTPError(404, 'invalid username')
raise HTTPError(404, reason='invalid username')
logging.info('valid username')

profile = {}
Expand Down Expand Up @@ -230,7 +230,7 @@ async def put(self, username):
try:
await self.user_cache.get_user(username)
except Exception:
raise HTTPError(404, 'invalid username')
raise HTTPError(404, reason='invalid username')

data = self.json_filter({}, VALID_FIELDS)

Expand All @@ -245,7 +245,7 @@ async def put(self, username):
try:
await krs.users.modify_user(username, **args, rest_client=self.krs_client)
except Exception:
raise HTTPError(400, 'bad update')
raise HTTPError(400, reason='bad update')
else:
self.user_cache.invalidate([username])

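Review bot: In the `put` hunk, `except Exception: raise HTTPError(400, reason='bad update')` now loses the cause entirely: Tornado logs nothing for an `HTTPError` without a `log_message`, and the caught exception from `krs.users.modify_user` is not logged either, so a backend failure is reported to the client as a client error and leaves no server-side record to investigate. The file already uses `logging`, so either log before raising, `logging.exception('modify_user failed for %s', username)`, or carry a log message alongside the reason, `raise HTTPError(400, 'modify_user failed for %s', username, reason='bad update')`. The same applies to the `except Exception:` 404s in the two `get` hunks, which also mask cache or Keycloak failures as a missing user. The enclosing `put` starts before the hunk.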
