auth.keycloak: Define keycloak_error_message helper function

To ease transforming KeycloakError into an exception message. Related to T3166

auth.keycloak: Define keycloak_error_message helper function
b3d3ff60 · Antoine R. Dumont · d7ecd21e · b3d3ff60 · b3d3ff60
Verified Commit b3d3ff60 authored 4 years ago by Antoine R. Dumont
--- a/swh/auth/keycloak.py
+++ b/swh/auth/keycloak.py
@@ -3,6 +3,7 @@
 # License: GNU Affero General Public License version 3, or any later version
 # See top-level LICENSE file for more information

+import json
 from typing import Any, Dict, Optional
 from urllib.parse import urlencode

@@ -210,3 +211,15 @@ class KeycloakOpenIDConnect:
        config = dict(load_from_envvar()).get("keycloak", {})
        config.update({k: v for k, v in kwargs.items() if v is not None})
        return cls.from_config(keycloak=config)
+
+
+def keycloak_error_message(keycloak_error: KeycloakError) -> str:
+    """Transform a keycloak exception into an error message.
+
+    """
+    msg_dict = json.loads(keycloak_error.error_message.decode())
+    error_msg = msg_dict["error"]
+    error_desc = msg_dict.get("error_description")
+    if error_desc:
+        error_msg = f"{error_msg}: {error_desc}"
+    return error_msg
--- a/swh/auth/tests/test_keycloak.py
+++ b/swh/auth/tests/test_keycloak.py
@@ -4,6 +4,7 @@
 # See top-level LICENSE file for more information

 from copy import copy
+import json
 import os
 from urllib.parse import parse_qs, urlparse

@@ -11,7 +12,7 @@ from keycloak.exceptions import KeycloakError
 import pytest
 import yaml

-from swh.auth.keycloak import KeycloakOpenIDConnect
+from swh.auth.keycloak import KeycloakOpenIDConnect, keycloak_error_message
 from swh.auth.tests.sample_data import CLIENT_ID, DECODED_TOKEN, OIDC_PROFILE, USER_INFO
 from swh.core.config import read

@@ -152,3 +153,23 @@ def test_auth_KeycloakOpenIDConnect_from_configfile_override(
    assert client.server_url == auth_config["keycloak"]["server_url"]
    assert client.realm_name == auth_config["keycloak"]["realm_name"]
    assert client.client_id == "foobar"
+
+
+@pytest.mark.parametrize(
+    "error_dict, expected_result",
+    [
+        ({"error": "unknown_error"}, "unknown_error"),
+        (
+            {"error": "invalid_grant", "error_description": "Invalid credentials"},
+            "invalid_grant: Invalid credentials",
+        ),
+    ],
+)
+def test_auth_keycloak_error_message(error_dict, expected_result):
+    """Conversion from KeycloakError to error message should work with detail or not"""
+    error_message = json.dumps(error_dict).encode()
+    exception = KeycloakError(error_message=error_message, response_code=401)
+
+    actual_result = keycloak_error_message(exception)
+
+    assert actual_result == expected_result