Fix oAuth exceptions

wilsonge · Dec 9, 2016 · 63e5f6d · 63e5f6d
1 parent 2ef0757
commit 63e5f6d
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 10 deletions.
diff --git a/connexion/decorators/security.py b/connexion/decorators/security.py
@@ -6,8 +6,7 @@
 
 import requests
 from flask import request
-
-from ..problem import problem
+from werkzeug.exceptions import Forbidden, Unauthorized
 
 logger = logging.getLogger('connexion.api.security')
 
@@ -57,27 +56,27 @@ def wrapper(*args, **kwargs):
         authorization = request.headers.get('Authorization')  # type: str
         if not authorization:
             logger.info("... No auth provided. Aborting with 401.")
-            return problem(401, 'Unauthorized', "No authorization token provided")
+            raise Unauthorized('No authorization token provided')
         else:
             try:
                 _, token = authorization.split()  # type: str, str
             except ValueError:
-                return problem(401, 'Unauthorized', 'Invalid authorization header')
+                raise Unauthorized('Invalid authorization header')
             logger.debug("... Getting token from %s", token_info_url)
             token_request = session.get(token_info_url, params={'access_token': token}, timeout=5)
             logger.debug("... Token info (%d): %s", token_request.status_code, token_request.text)
             if not token_request.ok:
-                return problem(401, 'Unauthorized', "Provided oauth token is not valid")
+                raise Unauthorized('Provided oauth token is not valid')
             token_info = token_request.json()  # type: dict
             user_scopes = set(token_info['scope'])
             logger.debug("... Scopes required: %s", allowed_scopes)
             logger.debug("... User scopes: %s", user_scopes)
             if not allowed_scopes <= user_scopes:
                 logger.info(textwrap.dedent("""
                             ... User scopes (%s) do not match the scopes necessary to call endpoint (%s).
-                             Aborting with 401.""").replace('\n', ''),
+                             Aborting with 403.""").replace('\n', ''),
                             user_scopes, allowed_scopes)
-                return problem(403, 'Forbidden', "Provided token doesn't have the required scope")
+                raise Forbidden('Provided token doesn\'t have the required scope')
             logger.info("... Token authenticated.")
             request.user = token_info.get('uid')
             request.token_info = token_info

diff --git a/tests/decorators/test_security.py b/tests/decorators/test_security.py
@@ -1,5 +1,7 @@
+from werkzeug.exceptions import Unauthorized
+
+import pytest
 from connexion.decorators.security import get_tokeninfo_url, verify_oauth
-from connexion.problem import problem
 from mock import MagicMock
 
 
@@ -30,5 +32,6 @@ def func():
     app = MagicMock()
     monkeypatch.setattr('connexion.decorators.security.request', request)
     monkeypatch.setattr('flask.current_app', app)
-    resp = wrapped_func()
-    assert resp == problem(401, 'Unauthorized', 'Invalid authorization header')
+
+    with pytest.raises(Unauthorized):
+        wrapped_func()