From 0e3badf3af77007bbc350b4b74f81254f544a566 Mon Sep 17 00:00:00 2001 From: Webb Scales Date: Wed, 26 Apr 2023 12:05:06 -0400 Subject: [PATCH] Check for API key on any failure to validate access token --- lib/pbench/server/auth/auth.py | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) diff --git a/lib/pbench/server/auth/auth.py b/lib/pbench/server/auth/auth.py index 3e178514ae..2d5501a2de 100644 --- a/lib/pbench/server/auth/auth.py +++ b/lib/pbench/server/auth/auth.py @@ -141,20 +141,16 @@ def verify_auth_oidc(auth_token: str) -> Optional[User]: Returns: User object if the verification succeeds, None on failure. """ - user = None try: token_payload = oidc_client.token_introspect(token=auth_token) except OpenIDTokenInvalid: - try: - user = verify_auth_api_key(auth_token) - except Exception: - pass + # The token is not a valid access token, fall through. + pass except Exception: current_app.logger.exception( "Unexpected exception occurred while verifying the auth token {}", auth_token, ) - pass else: # Extract what we want to cache from the access token user_id = token_payload["sub"] @@ -170,4 +166,14 @@ def verify_auth_oidc(auth_token: str) -> Optional[User]: user.add() else: user.update(username=username, roles=roles) - return user + return user + + try: + return verify_auth_api_key(auth_token) + except Exception: + current_app.logger.exception( + "Unexpected exception occurred while verifying the API key {}", + auth_token, + ) + + return None
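Review bot: The `except Exception` handler added at the end of `verify_auth_oidc` (second hunk) writes the presented credential into the server log through `"Unexpected exception occurred while verifying the API key {}", auth_token`. The unchanged handler in the first hunk does the same for the access token, and because that path now falls through, a request that hits unexpected errors in both checks is logged with its token twice. Anyone who can read the logs could reuse a still-valid API key or bearer token, so I would drop the argument: `current_app.logger.exception("Unexpected exception occurred while verifying the API key")`. The old code swallowed API-key errors silently; `verify_auth_api_key` is not visible here, so it is worth confirming that it does not raise for ordinary invalid keys, otherwise every rejected request writes a traceback. The function starts outside both hunks, and its `Returns:` docstring could also state that the token is tried as an API key when OIDC validation fails.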