staging instance, all data can be removed at all time

Skip to content

deposit.auth: Adjust authentication error message

Antoine R. Dumont requested to merge generated-differential-D5302-source into generated-differential-D5302-target

The error message in case of authentication failure is now aligned with the previous basic authentication scheme. Prior to this, the keycloak error dict leaked into the summary field which made the error unreadable.

before (basic auth):

$ curl -u test2:test http://localhost:5080/deposit/1/servicedocument/
<?xml version="1.0" encoding="utf-8"?>
<sword:error xmlns="http://www.w3.org/2005/Atom"
             xmlns:sword="http://purl.org/net/sword/terms/">
    <summary>Invalid username/password.</summary>
    <sword:treatment>processing failed</sword:treatment>

    <sword:verboseDescription>
        API is protected by basic authentication
    </sword:verboseDescription>

</sword:error>
$ swh deposit metadata-only --url http://localhost:5080/deposit  --username test \
  --password test2 \
  --metadata ../deposit-swh.update-metadata.xml
ERROR:swh.deposit.cli.client:Problem during parsing options: Service document retrieval: Invalid username/password.

before (keycloak):

$ curl -u test2:test http://localhost:5080/deposit/1/servicedocument/
<?xml version="1.0" encoding="utf-8"?>
<sword:error xmlns="http://www.w3.org/2005/Atom"
             xmlns:sword="http://purl.org/net/sword/terms/">
    <summary>{&quot;error&quot;:&quot;invalid_grant&quot;,&quot;error_description&quot;:&quot;Invalid user credentials&quot;}</summary>
    <sword:treatment>processing failed</sword:treatment>

    <sword:verboseDescription>
        API is protected by basic authentication
    </sword:verboseDescription>

</sword:error>
$ swh deposit metadata-only --url http://localhost:5080/deposit \
  --username test \
  --password test2 \
  --metadata ../deposit-swh.update-metadata.xml --format json
ERROR:swh.deposit.cli.client:Problem during parsing options: Service document retrieval: {"error":"invalid_grant","error_description":"Invalid user credentials"}

And now, with the following diff and keycloak authentication scheme:

$ curl -u test2:test http://localhost:5080/deposit/1/servicedocument/
<?xml version="1.0" encoding="utf-8"?>
<sword:error xmlns="http://www.w3.org/2005/Atom"
             xmlns:sword="http://purl.org/net/sword/terms/">
    <summary>invalid_grant: Invalid user credentials</summary>
    <sword:treatment>processing failed</sword:treatment>

    <sword:verboseDescription>
        API is protected by basic authentication
    </sword:verboseDescription>

</sword:error>
$  swh deposit metadata-only --url http://localhost:5080/deposit  --username test \
  --password test2 \
  --metadata ../deposit-swh.update-metadata.xml
ERROR:swh.deposit.cli.client:Problem during parsing options: Service document retrieval: invalid_grant: Invalid user credentials

Test Plan

tox

Migrated from D5302 (view on Phabricator)

Merge request reports