Merge pull request #152 in ASAPO/asapo from...

Merge pull request #152 in ASAPO/asapo from bugfix_ASAPO-143-return-service-unavailable-when-cannot-connect-to-authorizer to develop * commit 'b3325e73': update changelog return correct error type

Merge pull request #152 in ASAPO/asapo from...
d71f96c6 · Sergey Yakubov · 0b0dd8b8 · b3325e73 · d71f96c6 · d71f96c6
Commit d71f96c6 authored 3 years ago by Sergey Yakubov
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,6 +5,7 @@ IMPROVEMENTS

 BUG FIXES
 * Consumer API: multiple consumers from same group receive stream finished error 
+* Consumer API: return ServiceUnavailable instead of Unauthorized in case an authorization service is unreachable 

 ## 21.03.3


--- a/broker/src/asapo_broker/server/authorizer.go
+++ b/broker/src/asapo_broker/server/authorizer.go
@@ -23,16 +23,15 @@ type HttpClient interface {
 	Do(req *http.Request) (*http.Response, error)
 }

-type HttpError struct{
+type AuthorizationError struct{
 	err error
 	statusCode int
 }

-func (m *HttpError) Error() string {
+func (m AuthorizationError) Error() string {
 	return m.err.Error()
 }

-
 type AsapoAuthorizer struct {
 	serverUrl string
 	httpClient HttpClient
@@ -83,13 +82,19 @@ func (a * AsapoAuthorizer) doRequest(req *http.Request) (token Token, err error)
 		return token, err
 	}

-	if resp.StatusCode != http.StatusOK {
-		return token, &HttpError{errors.New("authorizer returned " + resp.Status + ": " + string(body)),resp.StatusCode}
+	switch resp.StatusCode {
+	case http.StatusOK:
+		//do nothing
+	case  http.StatusUnauthorized:
+		return token, &AuthorizationError{errors.New("authorizer rejected to authorize: " + string(body)),http.StatusUnauthorized}
+	default:
+		return token, errors.New("authorizer returned " + resp.Status + ": " + string(body))
 	}

 	err = json.Unmarshal(body, &token)
 	return
 }
+
 func createIntrospectTokenRequest(tokenJWT string) (*http.Request, error) {
 	path := "http://"+settings.AuthorizationServer + "/introspect"
 	request := struct {

--- a/broker/src/asapo_broker/server/process_request_test.go
+++ b/broker/src/asapo_broker/server/process_request_test.go
@@ -45,7 +45,7 @@ func (a *MockAuthServer) AuthorizeToken(tokenJWT string) (token Token, err error
 		}, nil
 	}

-	return Token{}, errors.New("wrong JWT token")
+	return Token{}, AuthorizationError{errors.New("wrong JWT token"),http.StatusUnauthorized}
 }

 func prepareTestAuth() {
@@ -146,7 +146,7 @@ func (suite *ProcessRequestTestSuite) TestProcessRequestWithNoToken() {

 	w := doRequest("/beamtime/" + expectedBeamtimeId + "/" + expectedSource + "/" + expectedStream + "/" + expectedGroupID + "/next" + wrongTokenSuffix)

-	suite.Equal(http.StatusUnauthorized, w.Code, "no token")
+	suite.Equal(http.StatusBadRequest, w.Code, "no token")
 }

 func (suite *ProcessRequestTestSuite) TestProcessRequestWithWrongDatabaseName() {

--- a/broker/src/asapo_broker/server/request_common.go
+++ b/broker/src/asapo_broker/server/request_common.go
@@ -12,11 +12,11 @@ func writeAuthAnswer(w http.ResponseWriter, requestName string, db_name string,
 	log_str := "processing " + requestName + " request in " + db_name + " at " + settings.GetDatabaseServer()
 	logger.Error(log_str + " - " + err.Error())

-	httpError, ok := err.(*HttpError)
-	if ok && httpError.statusCode != http.StatusUnauthorized {
+	switch er := err.(type) {
+	case AuthorizationError:
+		w.WriteHeader(er.statusCode)
+	default:
 		w.WriteHeader(http.StatusInternalServerError)
-	} else {
-		w.WriteHeader(http.StatusUnauthorized)
 	}
 	w.Write([]byte(err.Error()))
 }
@@ -54,7 +54,7 @@ func authorize(r *http.Request, beamtime_id string, needWriteAccess bool) error
 	tokenJWT := r.URL.Query().Get("token")

 	if len(tokenJWT) == 0 {
-		return errors.New("cannot extract token from request")
+		return AuthorizationError{errors.New("cannot extract token from request"),http.StatusBadRequest}
 	}

 	token, err := auth.AuthorizeToken(tokenJWT)
@@ -72,18 +72,18 @@ func authorize(r *http.Request, beamtime_id string, needWriteAccess bool) error

 func checkSubject(subject string, beamtime_id string) error {
 	if subject != utils.SubjectFromBeamtime(beamtime_id) {
-		return errors.New("wrong token subject")
+		return AuthorizationError{errors.New("wrong token subject"),http.StatusUnauthorized}
 	}
 	return nil
 }

 func checkAccessType(accessTypes []string, needWriteAccess bool) error {
 	if needWriteAccess && !utils.StringInSlice("write",accessTypes) {
-		return errors.New("wrong token access type")
+		return AuthorizationError{errors.New("wrong token access type"),http.StatusUnauthorized}
 	}

 	if !utils.StringInSlice("read",accessTypes) {
-		return errors.New("wrong token access type")
+		return AuthorizationError{errors.New("wrong token access type"),http.StatusUnauthorized}
 	}
 	return nil
 }