emallson/prog-stats - Change 4GPLIIZEZEFNPTRC5VHM35FS5OSAEKE5TFW6BLUWMZ4BUULULW7QC

(slightly) better error handling for user auth

Created by emallson on March 5, 2021

4GPLIIZEZEFNPTRC5VHM35FS5OSAEKE5TFW6BLUWMZ4BUULULW7QC

Dependencies

In channels

main

Change contents

Replacement in server/src/user_auth.rs at line 6 [3.319135]
B:BD[3.319321] → [3.319321:319337]
```
use log::error;
```
[3.319321]
[3.319337]
```
use log::{error, info};
```
Insertion in server/src/user_auth.rs at line 10 [3.319135]
[3.319420]
[3.319420]
```
use thiserror::Error;
```

Replacement in server/src/user_auth.rs at line 12 [3.319135]

B:BD[3.319421] → [3.319421:319444]

#[derive(Deserialize)]

[3.319421]

[3.319444]

#[derive(Debug, Deserialize, Clone)]
struct WclErrResponse {
    hint: String,
    error: String,
    message: String,
    error_description: String,
    #[serde(flatten)]
    additional: HashMap<String, String>,
}
#[derive(Debug, Deserialize)]

Replacement in server/src/user_auth.rs at line 26 [3.319135]

B:BD[3.319502] → [3.319502:319536]

    Err(HashMap<String, String>),

[3.319502]

[3.319536]

    Err(WclErrResponse),
    Unk(HashMap<String, String>),
}
#[derive(Debug, Error, Clone)]
pub enum Error {
    #[error("Token has been revoked on the WCL end.")]
    TokenRevoked,
}
fn process_wcl_response(res: TokenResponse, scope: &str) -> Result<WclToken> {
    match res {
        TokenResponse::Ok(token) => Ok(token),
        TokenResponse::Err(err) => match err.hint.as_str() {
            "Authorization code has been revoked" => Err(Error::TokenRevoked.into()),
            _ => {
                error!(
                    "an error occurred while {}ing a user token: {:?}",
                    scope, err
                );
                return Err(anyhow!("unable to refresh token"));
            }
        },
        TokenResponse::Unk(err) => {
            error!(
                "un unknown error occurred while {}ing a user token: {:?}",
                scope, err
            );
            return Err(anyhow!("unable to {} token", scope));
        }
    }

Replacement in server/src/user_auth.rs at line 77 [3.319135]

B:BD[3.319996] → [3.319996:320254]

    match res {
        TokenResponse::Ok(token) => Ok(token),
        TokenResponse::Err(err) => {
            error!("an error occurred while refreshing a user token: {:?}", err);
            return Err(anyhow!("unable to refresh token"));
        }
    }

[3.319996]

[3.320254]

    process_wcl_response(res, "refresh")

Replacement in server/src/user_auth.rs at line 102 [3.319135]

B:BD[4.86] → [4.86:178]

∅:D[4.178] → [3.321046:321127]

B:BD[3.321046] → [3.321046:321127]

B:BD[3.321127] → [4.179:249]

        Ok(TokenResponse::Ok(token)) => Ok(token),
        Ok(TokenResponse::Err(err)) => {
            error!("an error occurred while acquiring a user token: {:?}", err);
            return Err(anyhow!("unable to acquire token"));
        }

[4.86]

[4.249]

        Ok(res) => process_wcl_response(res, "acquire"),

Replacement in server/src/user_auth.rs at line 133 [3.319135]

B:BD[3.322082] → [3.322082:322604]

            let token = refresh_token(client, secrets, &refresh).await?;
            diesel::update(auth::auth_codes.filter(auth::team.eq(team).and(auth::zone.eq(zone))))
                .set((
                    auth::access_token.eq(&token.access_token),
                    auth::refresh_token.eq(token.refresh_token.as_ref().unwrap_or(&refresh)),
                    auth::expiration.eq(Utc::now() + Duration::seconds(token.expires_in as i64)),
                ))
                .execute(&*con)?;
            token

[3.322082]

[3.322604]

            match refresh_token(client, secrets, &refresh).await {
                Ok(token) => {
                    diesel::update(
                        auth::auth_codes.filter(auth::team.eq(team).and(auth::zone.eq(zone))),
                    )
                    .set((
                        auth::access_token.eq(&token.access_token),
                        auth::refresh_token.eq(token.refresh_token.as_ref().unwrap_or(&refresh)),
                        auth::expiration
                            .eq(Utc::now() + Duration::seconds(token.expires_in as i64)),
                    ))
                    .execute(&*con)?;
                    token
                }
                Err(e) => match e.downcast_ref::<Error>() {
                    Some(Error::TokenRevoked) => {
                        info!("user revoked token for {} on WCL. deleting token.", team);
                        diesel::delete(
                            auth::auth_codes.filter(auth::team.eq(team).and(auth::zone.eq(zone))),
                        )
                        .execute(&*con)?;
                        return Ok(None);
                    }
                    None => return Err(e),
                },
            }

Replacement in server/src/graphql.rs at line 16 [3.352196]
B:BD[3.352783] → [3.352783:352814]
```
use log::{debug, error, info};
```
[3.352783]
[3.352814]
```
use log::{debug, error, info, warn};
```

Replacement in server/src/graphql.rs at line 681 [3.352196]

B:BD[3.370895] → [2.94:181]

        let token = crate::user_auth::token_for_code(&client, &secrets, &code).await?;

[3.370895]

[3.370982]

        let token = match crate::user_auth::token_for_code(&client, &secrets, &code).await {
            Ok(t) => t,
            Err(e) => {
                match e.downcast_ref::<crate::user_auth::Error>() {
                    Some(crate::user_auth::Error::TokenRevoked) => {
                        // not allowed to use this token. possible race condition with WCL?
                        warn!("token revoked during store_code handling for {}", team);
                        return Ok(false);
                    }
                    None => return Err(e.into()),
                }
            }
        };

Replacement in server/src/graphql.rs at line 730 [3.352196]

B:BD[3.372030] → [2.182:269]

        let token = crate::user_auth::token_for_code(&client, &secrets, &code).await?;

[3.372030]

[3.372117]

        let token = match crate::user_auth::token_for_code(&client, &secrets, &code).await {
            Ok(t) => t,
            Err(e) => {
                match e.downcast_ref::<crate::user_auth::Error>() {
                    Some(crate::user_auth::Error::TokenRevoked) => {
                        // not allowed to use this token. possible race condition with WCL?
                        warn!("token revoked during revoke_team handling for {}", team);
                        return Ok(false);
                    }
                    None => return Err(e.into()),
                }
            }
        };

Insertion in server/Cargo.toml at line 25 [3.720530]
[3.721191]
[3.721191]
```
thiserror = "1.0.24"
```
Insertion in server/Cargo.lock at line 1658 [3.721379]
[3.762507]
[3.762507]
```
 "thiserror",
```
Replacement in server/Cargo.lock at line 2194 [3.721379]
B:BD[3.775124] → [3.775124:775143]
```
version = "1.0.23"
```
[3.775124]
[3.775143]
```
version = "1.0.24"
```

Replacement in server/Cargo.lock at line 2196 [3.721379]

B:BD[3.775208] → [3.775208:775286]

checksum = "76cc616c6abf8c8928e2fdcc0dbfab37175edd8fb49a4641066ad1364fdab146"

[3.775208]

[3.775286]

checksum = "e0f4a65597094d4483ddaed134f409b2cb7c1beccf25201a9f73c719254fa98e"

Replacement in server/Cargo.lock at line 2203 [3.721379]
B:BD[3.775361] → [3.775361:775380]
```
version = "1.0.23"
```
[3.775361]
[3.775380]
```
version = "1.0.24"
```

Replacement in server/Cargo.lock at line 2205 [3.721379]

B:BD[3.775445] → [3.775445:775523]

checksum = "9be73a2caec27583d0046ef3796c3794f868a5bc813db689eed00c7631275cd1"

[3.775445]

[3.775523]

checksum = "7765189610d8241a44529806d6fd1f2e0a08734313a35d5b3a556f92b381f3c0"

(slightly) better error handling for user auth

Dependencies

In channels

Change contents

Replacement in server/src/user_auth.rs at line 6 [3.319135]

Insertion in server/src/user_auth.rs at line 10 [3.319135]

Replacement in server/src/user_auth.rs at line 12 [3.319135]

Replacement in server/src/user_auth.rs at line 26 [3.319135]

Replacement in server/src/user_auth.rs at line 77 [3.319135]

Replacement in server/src/user_auth.rs at line 102 [3.319135]

Replacement in server/src/user_auth.rs at line 133 [3.319135]

Replacement in server/src/graphql.rs at line 16 [3.352196]

Replacement in server/src/graphql.rs at line 681 [3.352196]

Replacement in server/src/graphql.rs at line 730 [3.352196]

Insertion in server/Cargo.toml at line 25 [3.720530]

Insertion in server/Cargo.lock at line 1658 [3.721379]

Replacement in server/Cargo.lock at line 2194 [3.721379]

Replacement in server/Cargo.lock at line 2196 [3.721379]

Replacement in server/Cargo.lock at line 2203 [3.721379]

Replacement in server/Cargo.lock at line 2205 [3.721379]