feat(insights): handle sso server device token timeout

- Support device auth workflow token timeout from the SSO server. These errors should result in the same exception we trigger upon expiration timeout checks.
quipucords · Nov 20, 2023 · 2580ce0 · 2580ce0
1 parent 81fd397
commit 2580ce0
Show file tree

Hide file tree

Showing 2 changed files with 30 additions and 1 deletion.
diff --git a/qpc/insights/auth.py b/qpc/insights/auth.py
@@ -111,7 +111,17 @@ def wait_for_authorization(self):
                     break
                 if response.status_code == http.HTTPStatus.BAD_REQUEST:
                     self.token_response = response.json()
-                    if self.token_response.get("error") != "authorization_pending":
+                    response_error = self.token_response.get("error")
+                    if response_error == "expired_token":
+                        logger.debug(
+                            _(messages.INSIGHTS_RESPONSE),
+                            insights_sso_server,
+                            response.text,
+                        )
+                        raise InsightsAuthError(
+                            _(messages.INSIGHTS_LOGIN_VERIFICATION_TIMEOUT)
+                        )
+                    if response_error != "authorization_pending":
                         logger.debug(
                             _(messages.INSIGHTS_RESPONSE),
                             insights_sso_server,

diff --git a/qpc/insights/test_insights_auth.py b/qpc/insights/test_insights_auth.py
@@ -136,3 +136,22 @@ def test_insights_wait_for_authorization_expired(self, faker, requests_mock):
         with pytest.raises(InsightsAuthError) as err:
             insights_auth.wait_for_authorization()
             assert "Time-out while waiting for Login authorization" in err.value
+
+    def test_insights_wait_for_authorization_expired_from_sso(
+        self, login_auth_response, requests_mock
+    ):
+        """Testing that token authorization expired from the sso server."""
+        insights_auth = InsightsAuth()
+        insights_auth.auth_request = login_auth_response
+        sso_host = read_insights_config().get(CONFIG_SSO_HOST_KEY)
+        sso_token_url = f"https://{sso_host}{TOKEN_ENDPOINT}"
+        token_response = {
+            "error": "expired_token",
+            "error_description": "Device code is expired",
+        }
+        requests_mock.post(
+            sso_token_url, status_code=http.HTTPStatus.BAD_REQUEST, json=token_response
+        )
+        with pytest.raises(InsightsAuthError) as err:
+            insights_auth.wait_for_authorization()
+            assert "Time-out while waiting for Login authorization" in err.value