From 8b3244405fee4270eb14dfb279ddcb5de3274c26 Mon Sep 17 00:00:00 2001
From: Jan Kaluza
Date: Mon, 5 Dec 2016 11:40:00 +0100
Subject: [PATCH] Make the OIDC error messages more verbose and include non-secret client-secrets.json
---
client_secrets.json | 12 ++++++++++++
module_build_service/auth.py | 10 ++++++----
tests/test_views/test_views.py | 2 +-
3 files changed, 19 insertions(+), 5 deletions(-)
create mode 100644 client_secrets.json
diff --git a/client_secrets.json b/client_secrets.json
new file mode 100644
index 00000000..7fd5069d
--- /dev/null
+++ b/client_secrets.json
@@ -0,0 +1,12 @@
+{
+ "web": {
+ "auth_uri": "https://id.stg.fedoraproject.org/openidc/Authorization",
+ "client_id": "mbs-authorizer",
+ "client_secret": "notsecret",
+ "redirect_uris": [
+ "http://localhost:13747/"
+ ],
+ "token_uri": "https://id.stg.fedoraproject.org/openidc/Token",
+ "token_introspection_uri": "https://id.stg.fedoraproject.org/openidc/TokenInfo"
+ }
+}
diff --git a/module_build_service/auth.py b/module_build_service/auth.py
index 924b5777..c5f047d9 100644
--- a/module_build_service/auth.py
+++ b/module_build_service/auth.py
@@ -80,12 +80,14 @@ def get_username(request):
 _load_secrets()
 if not "oidc_token" in request.cookies:
- raise Unauthorized("Cannot verify OIDC token.")
+ raise Unauthorized("Cannot verify OIDC token: No 'oidc_token' "
+ "cookie found.")
 token = request.cookies["oidc_token"]
- data = get_token_info(token)
- if not data:
- raise Unauthorized("Cannot verify OIDC token.")
+ try:
+ data = get_token_info(token)
+ except Exception as e:
+ raise Unauthorized("Cannot verify OIDC token: %s" % str(e))
 if not "active" in data or not data["active"]:
 raise Unauthorized("OIDC token invalid or expired.")
diff --git a/tests/test_views/test_views.py b/tests/test_views/test_views.py
index c330b7f7..b2dc3540 100644
--- a/tests/test_views/test_views.py
+++ b/tests/test_views/test_views.py
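Review bot: `client_secrets.json` is added at the repository root with the publicly known value `"client_secret": "notsecret"` and staging identity-provider endpoints, and nothing in this commit marks it as development-only. If the service's default OIDC secrets path resolves to this file (not visible in this patch), a deployment that forgets to override it would run with a published client secret against the staging IdP. JSON has no comment syntax, so state the intended use in the README or deployment docs, and consider having startup refuse the literal `notsecret` outside development mode. Once a file with this name is tracked, a locally edited copy holding a real secret is also easy to commit by accident.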
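Review bot: In `get_username` (module_build_service/auth.py) the new `except Exception as e` branch copies `str(e)` into the 401 body, so whatever `get_token_info` raises is returned to an unauthenticated caller; depending on its implementation, which is outside this hunk, that text may include connection errors or introspection endpoint details. The removed `if not data:` guard also means that a `None` result, if `get_token_info` can return one, now reaches `"active" in data` and raises `TypeError` instead of producing a 401. I would log the exception server-side, keep a fixed client-facing message, and restore the guard, as below; use the module's own logger if it has one. The function body starts and ends outside the hunk.

```python
    token = request.cookies["oidc_token"]
    try:
        data = get_token_info(token)
    except Exception:
        # Keep the cause in the server log; the client gets a fixed message.
        logging.getLogger(__name__).exception(
            "OIDC token introspection failed")
        raise Unauthorized("Cannot verify OIDC token.")
    if not data:
        raise Unauthorized("Cannot verify OIDC token.")
    # … unchanged: "active" check …
```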
@@ -261,7 +261,7 @@ class TestViews(unittest.TestCase):
 data = json.loads(rv.data)
 self.assertEquals(
 data['message'],
- 'Cannot verify OIDC token.'
+ "Cannot verify OIDC token: No 'oidc_token' cookie found."
 )
 self.assertEquals(data['status'], 401)
 self.assertEquals(data['error'], 'Unauthorized')
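Review bot: The only test change in this commit is this updated assertion for the missing-cookie case, so the new `except` path in `get_username`, taken when `get_token_info` raises, has no coverage here. Add a test that patches `get_token_info` as seen by `module_build_service.auth` to raise, then asserts the 401 status and the returned `message`, so the text exposed to clients on that path is pinned. `TestViews` and the enclosing test method continue outside the hunk.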