Merge pull request #628 from marcospereirampj/542-keycloakadmin-not-recovering-from-keycloakauthenticationerror

fix: retry upon 401
7 days ago · 01a6cb3cc3
3 changed files with 39 additions and 6 deletions
--- a/pyproject.toml
+++ b/pyproject.toml
@ -85,3 +85,6 @@ profile = "black"

 [tool.darglint]
 enable = "DAR104"
+
+[tool.pytest.ini_options]
+asyncio_default_fixture_loop_scope = "function"
--- a/src/keycloak/openid_connection.py
+++ b/src/keycloak/openid_connection.py
@ -389,6 +389,10 @@ class KeycloakOpenIDConnection(ConnectionManager):
        """
        self._refresh_if_required()
        r = super().raw_get(*args, **kwargs)
+        if r.status_code == 401:
+            self.refresh_token()
+            r = super().raw_get(*args, **kwargs)
+
        return r

    def raw_post(self, *args, **kwargs):
@ -406,6 +410,10 @@ class KeycloakOpenIDConnection(ConnectionManager):
        """
        self._refresh_if_required()
        r = super().raw_post(*args, **kwargs)
+        if r.status_code == 401:
+            self.refresh_token()
+            r = super().raw_post(*args, **kwargs)
+
        return r

    def raw_put(self, *args, **kwargs):
@ -423,6 +431,10 @@ class KeycloakOpenIDConnection(ConnectionManager):
        """
        self._refresh_if_required()
        r = super().raw_put(*args, **kwargs)
+        if r.status_code == 401:
+            self.refresh_token()
+            r = super().raw_put(*args, **kwargs)
+
        return r

    def raw_delete(self, *args, **kwargs):
@ -440,6 +452,10 @@ class KeycloakOpenIDConnection(ConnectionManager):
        """
        self._refresh_if_required()
        r = super().raw_delete(*args, **kwargs)
+        if r.status_code == 401:
+            self.refresh_token()
+            r = super().raw_delete(*args, **kwargs)
+
        return r

    async def a_get_token(self):
@ -496,6 +512,10 @@ class KeycloakOpenIDConnection(ConnectionManager):
        """
        await self.a__refresh_if_required()
        r = await super().a_raw_get(*args, **kwargs)
+        if r.status_code == 401:
+            await self.a_refresh_token()
+            r = await super().a_raw_get(*args, **kwargs)
+
        return r

    async def a_raw_post(self, *args, **kwargs):
@ -513,6 +533,10 @@ class KeycloakOpenIDConnection(ConnectionManager):
        """
        await self.a__refresh_if_required()
        r = await super().a_raw_post(*args, **kwargs)
+        if r.status_code == 401:
+            await self.a_refresh_token()
+            r = await super().a_raw_post(*args, **kwargs)
+
        return r

    async def a_raw_put(self, *args, **kwargs):
@ -530,6 +554,10 @@ class KeycloakOpenIDConnection(ConnectionManager):
        """
        await self.a__refresh_if_required()
        r = await super().a_raw_put(*args, **kwargs)
+        if r.status_code == 401:
+            await self.a_refresh_token()
+            r = await super().a_raw_put(*args, **kwargs)
+
        return r

    async def a_raw_delete(self, *args, **kwargs):
@ -547,4 +575,8 @@ class KeycloakOpenIDConnection(ConnectionManager):
        """
        await self.a__refresh_if_required()
        r = await super().a_raw_delete(*args, **kwargs)
+        if r.status_code == 401:
+            await self.a_refresh_token()
+            r = await super().a_raw_delete(*args, **kwargs)
+
        return r
--- a/tests/test_keycloak_admin.py
+++ b/tests/test_keycloak_admin.py
@ -2771,9 +2771,8 @@ def test_auto_refresh(admin_frozen: KeycloakAdmin, realm: str):
        "Content-Type": "application/json",
    }

-    with pytest.raises(KeycloakAuthenticationError) as err:
-        admin.get_realm(realm_name=realm)
-    assert err.match('401: b\'{"error":"HTTP 401 Unauthorized".*}\'')
+    res = admin.get_realm(realm_name=realm)
+    assert res["realm"] == realm

    # Freeze time to simulate the access token expiring
    with freezegun.freeze_time("2023-02-25 10:05:00"):
@ -6008,9 +6007,8 @@ async def test_a_auto_refresh(admin_frozen: KeycloakAdmin, realm: str):
        "Content-Type": "application/json",
    }

-    with pytest.raises(KeycloakAuthenticationError) as err:
-        await admin.a_get_realm(realm_name=realm)
-    assert err.match('401: b\'{"error":"HTTP 401 Unauthorized".*}\'')
+    res = await admin.a_get_realm(realm_name=realm)
+    assert res["realm"] == realm

    # Freeze time to simulate the access token expiring
    with freezegun.freeze_time("2023-02-25 10:05:00"):