Skip to content

Pass Error Message back of failed auth #71

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
juztas merged 2 commits into from
Apr 1, 2026
Merged

Pass Error Message back of failed auth #71

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
4e5745f
Pass Error Message back of failed auth
juztas Mar 31, 2026
8fb98a4
More clear error message for missing session info
juztas Mar 31, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
22 changes: 16 additions & 6 deletions app/routers/iri_router.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -107,9 +107,16 @@ async def get_globus_info(self, api_key: str) -> dict:
if GLOBUS_SCOPE not in token_scope:
raise Exception(f"Token missing required scope: {GLOBUS_SCOPE}")

session_info = introspect.get("session_info", {})
if not session_info or not session_info.get("authentications", {}):
raise Exception(f"Empty session_info.authentications block")
session_info = introspect.get("session_info")

if not session_info:
raise Exception("No recent login was found in the token (missing session_info). "
"Please re-authenticate to obtain a valid session.")

authentications = session_info.get("authentications")
if not authentications:
raise Exception("No recent login was found in the token (empty session_info.authentications). "
"Please re-authenticate to obtain a valid session.")

return introspect

Expand All @@ -123,20 +130,23 @@ async def current_user(
ip_address = get_client_ip(request)
user_id = None
globus_introspect = None
exc_msg = ""
try:
if GLOBUS_RS_ID and GLOBUS_RS_SECRET and GLOBUS_RS_SCOPE_SUFFIX:
try:
globus_introspect = await self.get_globus_info(token)
user_id = await self.adapter.get_current_user_globus(token, ip_address, globus_introspect)
except Exception as globus_exc:
logging.getLogger().exception("Globus error:", exc_info=globus_exc)
exc_msg = f"Globus authentication failed: {str(globus_exc)}. || "
if not user_id:
user_id = await self.adapter.get_current_user(token, ip_address)
except Exception as exc:
logging.getLogger().exception(f"Error parsing IRI_API_PARAMS: ", exc_info=exc)
raise HTTPException(status_code=401, detail="Invalid or malformed Authorization parameters") from exc
logging.getLogger().exception("Facility Specific auth failed: ", exc_info=exc)
exc_msg += f"Facility Specific authentication failed: {str(exc)}"
raise HTTPException(status_code=401, detail=exc_msg) from exc
if not user_id:
raise HTTPException(status_code=403, detail="Unauthorized access")
raise HTTPException(status_code=403, detail="Authentication succeeded but no user ID was identified. Contact Facility Admin.")

user = await self.adapter.get_user(
user_id=user_id,
Expand Down
Loading