Skip to content

Raise HTTP error if encountered #1167

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
joshtemple wants to merge 2 commits into from
+39 −0
Closed

Raise HTTP error if encountered #1167

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
c3befce
fix: raise any HTTP errors encountered
joshtemple Oct 19, 2022
0ab3e2c
test: add test for failed id token refresh
joshtemple Dec 2, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions google/auth/impersonated_credentials.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -433,6 +433,7 @@ def refresh(self, request):
headers=headers,
data=json.dumps(body).encode("utf-8"),
)
response.raise_for_status()
Copy link
Contributor

@clundin25 clundin25 Oct 25, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could you write a test for this?

Copy link
Author

@joshtemple joshtemple Dec 2, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@clundin25, I've attempted to write a test. Let me know if you'd like me to approach it differently.

Copy link
Contributor

@arithmetic1728 arithmetic1728 Dec 2, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

refresh method normally throws RefreshError (https://github.com/googleapis/google-auth-library-python/blob/main/google/auth/exceptions.py#L35), could you maybe check the status code and raise a RefreshError instead?


id_token = response.json()["token"]
self.token = id_token
Expand Down
38 changes: 38 additions & 0 deletions tests/test_impersonated_credentials.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,7 @@

import mock
import pytest # type: ignore
import requests
from six.moves import http_client

from google.auth import _helpers
Expand Down Expand Up @@ -75,6 +76,10 @@ def __init__(self, json_data, status_code):
def json(self):
return self.json_data

def raise_for_status(self):
if self.status_code != http_client.OK:
raise requests.HTTPError


@pytest.fixture
def mock_authorizedsession_sign():
Expand Down Expand Up @@ -444,6 +449,39 @@ def test_id_token_success(
assert id_creds.token == ID_TOKEN_DATA
assert id_creds.expiry == datetime.datetime.fromtimestamp(ID_TOKEN_EXPIRY)

def test_id_token_failure(
self, mock_donor_credentials, mock_authorizedsession_idtoken
):
data = {"error": {"code": 403, "message": "unauthorized"}}
mock_authorizedsession_idtoken.return_value = MockResponse(
data, http_client.UNAUTHORIZED
)

credentials = self.make_credentials(lifetime=None)
token = "token"
target_audience = "https://foo.bar"

expire_time = (
_helpers.utcnow().replace(microsecond=0) + datetime.timedelta(seconds=500)
).isoformat("T") + "Z"
response_body = {"accessToken": token, "expireTime": expire_time}

request = self.make_request(
data=json.dumps(response_body), status=http_client.OK
)

credentials.refresh(request)

assert credentials.valid
assert not credentials.expired

id_creds = impersonated_credentials.IDTokenCredentials(
credentials, target_audience=target_audience
)

with pytest.raises(requests.HTTPError):
id_creds.refresh(request)

def test_id_token_from_credential(
self, mock_donor_credentials, mock_authorizedsession_idtoken
):
Expand Down