Browse Source

Merge pull request #628 from marcospereirampj/542-keycloakadmin-not-recovering-from-keycloakauthenticationerror

fix: retry upon 401
master v5.1.1
Richard Nemeth 7 days ago
committed by GitHub
parent
commit
01a6cb3cc3
No known key found for this signature in database GPG Key ID: B5690EEEBB952194
  1. 3
      pyproject.toml
  2. 32
      src/keycloak/openid_connection.py
  3. 10
      tests/test_keycloak_admin.py

3
pyproject.toml

@ -85,3 +85,6 @@ profile = "black"
[tool.darglint] [tool.darglint]
enable = "DAR104" enable = "DAR104"
[tool.pytest.ini_options]
asyncio_default_fixture_loop_scope = "function"

32
src/keycloak/openid_connection.py

@ -389,6 +389,10 @@ class KeycloakOpenIDConnection(ConnectionManager):
""" """
self._refresh_if_required() self._refresh_if_required()
r = super().raw_get(*args, **kwargs) r = super().raw_get(*args, **kwargs)
if r.status_code == 401:
self.refresh_token()
r = super().raw_get(*args, **kwargs)
return r return r
def raw_post(self, *args, **kwargs): def raw_post(self, *args, **kwargs):
@ -406,6 +410,10 @@ class KeycloakOpenIDConnection(ConnectionManager):
""" """
self._refresh_if_required() self._refresh_if_required()
r = super().raw_post(*args, **kwargs) r = super().raw_post(*args, **kwargs)
if r.status_code == 401:
self.refresh_token()
r = super().raw_post(*args, **kwargs)
return r return r
def raw_put(self, *args, **kwargs): def raw_put(self, *args, **kwargs):
@ -423,6 +431,10 @@ class KeycloakOpenIDConnection(ConnectionManager):
""" """
self._refresh_if_required() self._refresh_if_required()
r = super().raw_put(*args, **kwargs) r = super().raw_put(*args, **kwargs)
if r.status_code == 401:
self.refresh_token()
r = super().raw_put(*args, **kwargs)
return r return r
def raw_delete(self, *args, **kwargs): def raw_delete(self, *args, **kwargs):
@ -440,6 +452,10 @@ class KeycloakOpenIDConnection(ConnectionManager):
""" """
self._refresh_if_required() self._refresh_if_required()
r = super().raw_delete(*args, **kwargs) r = super().raw_delete(*args, **kwargs)
if r.status_code == 401:
self.refresh_token()
r = super().raw_delete(*args, **kwargs)
return r return r
async def a_get_token(self): async def a_get_token(self):
@ -496,6 +512,10 @@ class KeycloakOpenIDConnection(ConnectionManager):
""" """
await self.a__refresh_if_required() await self.a__refresh_if_required()
r = await super().a_raw_get(*args, **kwargs) r = await super().a_raw_get(*args, **kwargs)
if r.status_code == 401:
await self.a_refresh_token()
r = await super().a_raw_get(*args, **kwargs)
return r return r
async def a_raw_post(self, *args, **kwargs): async def a_raw_post(self, *args, **kwargs):
@ -513,6 +533,10 @@ class KeycloakOpenIDConnection(ConnectionManager):
""" """
await self.a__refresh_if_required() await self.a__refresh_if_required()
r = await super().a_raw_post(*args, **kwargs) r = await super().a_raw_post(*args, **kwargs)
if r.status_code == 401:
await self.a_refresh_token()
r = await super().a_raw_post(*args, **kwargs)
return r return r
async def a_raw_put(self, *args, **kwargs): async def a_raw_put(self, *args, **kwargs):
@ -530,6 +554,10 @@ class KeycloakOpenIDConnection(ConnectionManager):
""" """
await self.a__refresh_if_required() await self.a__refresh_if_required()
r = await super().a_raw_put(*args, **kwargs) r = await super().a_raw_put(*args, **kwargs)
if r.status_code == 401:
await self.a_refresh_token()
r = await super().a_raw_put(*args, **kwargs)
return r return r
async def a_raw_delete(self, *args, **kwargs): async def a_raw_delete(self, *args, **kwargs):
@ -547,4 +575,8 @@ class KeycloakOpenIDConnection(ConnectionManager):
""" """
await self.a__refresh_if_required() await self.a__refresh_if_required()
r = await super().a_raw_delete(*args, **kwargs) r = await super().a_raw_delete(*args, **kwargs)
if r.status_code == 401:
await self.a_refresh_token()
r = await super().a_raw_delete(*args, **kwargs)
return r return r

10
tests/test_keycloak_admin.py

@ -2771,9 +2771,8 @@ def test_auto_refresh(admin_frozen: KeycloakAdmin, realm: str):
"Content-Type": "application/json", "Content-Type": "application/json",
} }
with pytest.raises(KeycloakAuthenticationError) as err:
admin.get_realm(realm_name=realm)
assert err.match('401: b\'{"error":"HTTP 401 Unauthorized".*}\'')
res = admin.get_realm(realm_name=realm)
assert res["realm"] == realm
# Freeze time to simulate the access token expiring # Freeze time to simulate the access token expiring
with freezegun.freeze_time("2023-02-25 10:05:00"): with freezegun.freeze_time("2023-02-25 10:05:00"):
@ -6008,9 +6007,8 @@ async def test_a_auto_refresh(admin_frozen: KeycloakAdmin, realm: str):
"Content-Type": "application/json", "Content-Type": "application/json",
} }
with pytest.raises(KeycloakAuthenticationError) as err:
await admin.a_get_realm(realm_name=realm)
assert err.match('401: b\'{"error":"HTTP 401 Unauthorized".*}\'')
res = await admin.a_get_realm(realm_name=realm)
assert res["realm"] == realm
# Freeze time to simulate the access token expiring # Freeze time to simulate the access token expiring
with freezegun.freeze_time("2023-02-25 10:05:00"): with freezegun.freeze_time("2023-02-25 10:05:00"):

Loading…
Cancel
Save