[auth] Slightly better error message
stepancheg committed Feb 5, 2025
1 parent 6b7938a commit 2d3fb4c
Showing 6 changed files with 49 additions and 19 deletions.
4 changes: 2 additions & 2 deletions foundation/auth/src/error.rs
@@ -17,8 +17,8 @@ pub enum Error {
#[error("jwt error: {0}")]
JwtError(#[from] jsonwebtoken::errors::Error),

#[error("http error: {0}")]
HttpError(#[from] reqwest::Error),
#[error("http error on {0}: {1}")]
HttpError(String, reqwest::Error),

#[error("GOOGLE_APPLICATION_CREDENTIALS or default credentials is required: {0}")]
CredentialsIOError(#[from] std::io::Error),
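Review bot: Removing `#[from]` from `HttpError` also removes the implicit `#[source]`, so `source()` now returns `None` for this variant and callers that walk the error chain (for example to tell a timeout from a connection failure) can no longer reach the `reqwest::Error`. Keep the chain by marking the field: `HttpError(String, #[source] reqwest::Error),`. The new tuple shape and the dropped `From<reqwest::Error>` impl are also a breaking change for any code that matches on or constructs this public variant, which deserves a changelog entry. The enum body continues outside the hunk.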
@@ -63,9 +63,11 @@ impl TokenSource for UserAccountTokenSource {
.post(self.token_url.to_string())
.json(&data)
.send()
.await?
.await
.map_err(|e| Error::HttpError(self.token_url.clone(), e))?
.json::<InternalToken>()
.await?;
.await
.map_err(|e| Error::HttpError(self.token_url.clone(), e))?;

return Ok(it.to_token(time::OffsetDateTime::now_utc()));
}
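Review bot: The chain goes from `.send()` straight to `.json::<InternalToken>()` with no status check, so a 4xx/5xx from the token endpoint would most likely be reported as a body decode failure, now labelled `http error on <url>`, and the status code never reaches the caller or the logs. Adding `.error_for_status().map_err(|e| Error::HttpError(self.token_url.clone(), e))?` after the first `?` would surface the real failure. The same pattern appears in the `ComputeTokenSource` hunk and in the `ComputeIdentitySource` hunk, where a non-success body flows from `.text()` into `jsonwebtoken::decode` and would presumably surface as a `jwt error`. The function starts outside the hunk.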
6 changes: 4 additions & 2 deletions foundation/auth/src/token_source/compute_identity_source.rs
@@ -71,9 +71,11 @@ impl TokenSource for ComputeIdentitySource {
.get(self.token_url.to_string())
.header(METADATA_FLAVOR_KEY, METADATA_GOOGLE)
.send()
.await?
.await
.map_err(|e| Error::HttpError(self.token_url.clone(), e))?
.text()
.await?;
.await
.map_err(|e| Error::HttpError(self.token_url.clone(), e))?;

let exp = jsonwebtoken::decode::<ExpClaim>(&jwt, &self.decoding_key, &self.validation)?
.claims
6 changes: 4 additions & 2 deletions foundation/auth/src/token_source/compute_token_source.rs
@@ -41,9 +41,11 @@ impl TokenSource for ComputeTokenSource {
.get(self.token_url.to_string())
.header(METADATA_FLAVOR_KEY, METADATA_GOOGLE)
.send()
.await?
.await
.map_err(|e| Error::HttpError(self.token_url.clone(), e))?
.json::<InternalToken>()
.await?;
.await
.map_err(|e| Error::HttpError(self.token_url.clone(), e))?;
return Ok(it.to_token(time::OffsetDateTime::now_utc()));
}
}
16 changes: 13 additions & 3 deletions foundation/auth/src/token_source/impersonate_token_source.rs
@@ -55,12 +55,22 @@ impl TokenSource for ImpersonateTokenSource {
format!("{} {}", auth_token.token_type, auth_token.access_token),
)
.send()
.await?;
.await
.map_err(|e| Error::HttpError(self.url.clone(), e))?;
let response = if !response.status().is_success() {
let status = response.status().as_u16();
return Err(Error::UnexpectedImpersonateTokenResponse(status, response.text().await?));
return Err(Error::UnexpectedImpersonateTokenResponse(
status,
response
.text()
.await
.map_err(|e| Error::HttpError(self.url.clone(), e))?,
));
} else {
response.json::<ImpersonateTokenResponse>().await?
response
.json::<ImpersonateTokenResponse>()
.await
.map_err(|e| Error::HttpError(self.url.clone(), e))?
};

let expiry = time::OffsetDateTime::parse(&response.expire_time, &Rfc3339)?;
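Review bot: In the non-success branch, a failure while reading the body now returns `Error::HttpError` through the `?` inside the `UnexpectedImpersonateTokenResponse(...)` arguments, which discards the `status` that was just captured. The status is the more useful fact when diagnosing a rejected impersonation request, so the body read could be made best-effort: `response.text().await.unwrap_or_else(|e| format!("<body unavailable: {e}>"))`. Separately, the remote response body is carried verbatim in the error; whether it is bounded or sanitised before being logged is not visible here. The function body starts and ends outside the hunk.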
30 changes: 22 additions & 8 deletions foundation/auth/src/token_source/service_account_token_source.rs
@@ -171,7 +171,7 @@ impl OAuth2ServiceAccountTokenSource {
}

/// Checks whether an HTTP response is successful and returns it, or returns an error.
async fn check_response_status(response: Response) -> Result<Response, Error> {
async fn check_response_status(token_url: &String, response: Response) -> Result<Response, Error> {
// Check the status code, returning the response if it is not an error.
let error = match response.error_for_status_ref() {
Ok(_) => return Ok(response),
@@ -188,7 +188,7 @@ impl OAuth2ServiceAccountTokenSource {
error: response.error,
error_description: response.error_description,
})
.unwrap_or(Error::HttpError(error)))
.unwrap_or(Error::HttpError(token_url.to_owned(), error)))
}
}

@@ -222,19 +222,33 @@ impl TokenSource for OAuth2ServiceAccountTokenSource {
.ok_or(Error::NoTargetAudienceFound)?
.as_str()
.ok_or(Error::NoTargetAudienceFound)?;
let response = self.client.post(self.token_url.as_str()).form(&form).send().await?;
Ok(Self::check_response_status(response)
let response = self
.client
.post(self.token_url.as_str())
.form(&form)
.send()
.await
.map_err(|e| Error::HttpError(self.token_url.clone(), e))?;
Ok(Self::check_response_status(&self.token_url, response)
.await?
.json::<InternalIdToken>()
.await?
.await
.map_err(|e| Error::HttpError(self.token_url.clone(), e))?
.to_token(audience)?)
}
false => {
let response = self.client.post(self.token_url.as_str()).form(&form).send().await?;
Ok(Self::check_response_status(response)
let response = self
.client
.post(self.token_url.as_str())
.form(&form)
.send()
.await
.map_err(|e| Error::HttpError(self.token_url.clone(), e))?;
Ok(Self::check_response_status(&self.token_url, response)
.await?
.json::<InternalToken>()
.await?
.await
.map_err(|e| Error::HttpError(self.token_url.clone(), e))?
.to_token(iat))
}
}
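Review bot: `check_response_status` takes `token_url: &String`, which ties callers to an owned `String` and trips clippy's `ptr_arg`; `token_url: &str` accepts the existing `&self.token_url` call sites unchanged through deref coercion. In the second hunk, `.unwrap_or(Error::HttpError(token_url.to_owned(), error))` now allocates the URL even when the structured error response was parsed, so `.unwrap_or_else(|| Error::HttpError(token_url.to_owned(), error))` is the cheaper form. The doc comment above the function should also mention the new parameter, e.g. `/// token_url is only used to label the returned error`. The function body spans two hunks and is partly outside them.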