Refactor error handling to is_jwt_blacklisted

asfadmin · Jan 27, 2022 · 6f2edc2 · 6f2edc2
1 parent 4e2f7fc
commit 6f2edc2
Show file tree

Hide file tree

Showing 2 changed files with 30 additions and 41 deletions.
diff --git a/rain_api_core/view_util.py b/rain_api_core/view_util.py
@@ -181,12 +181,8 @@ def decode_jwt_payload(jwt_payload: str, algo: str = JWT_ALGO) -> dict:
         return {}
 
     if os.getenv("BLACKLIST_ENDPOINT"):
-        try:
-            if is_jwt_blacklisted(cookiedecoded):
-                return {}
-        except Exception as e:
-            # TODO(reweeden): This error handling should be moved into `is_jwt_blacklisted` and/or `set_jwt_blacklist`
-            log.debug(f"Received the following error while checking the given JWT against the blacklist: {e}")
+        if is_jwt_blacklisted(cookiedecoded):
+            return {}
     else:
         log.debug('No environment variable BLACKLIST_ENDPOINT')
 
@@ -212,23 +208,27 @@ def make_set_cookie_headers_jwt(payload: dict, expdate: str = '', cookie_domain:
 
 
 def is_jwt_blacklisted(decoded_jwt: dict) -> bool:
-    set_jwt_blacklist()
-    urs_user_id = decoded_jwt["urs-user-id"]
-    blacklist = JWT_BLACKLIST["blacklist"]
-    user_blacklist_time = blacklist.get(urs_user_id)
-
-    if user_blacklist_time is not None:
-        jwt_mint_time = decoded_jwt["iat"]
-        log.debug(f"JWT was minted @:  {jwt_mint_time}, the Blacklist is for cookies BEFORE: {user_blacklist_time}")
-
-        if user_blacklist_time >= jwt_mint_time:
-            log.info(f"User {urs_user_id}'s JWT was minted before blacklist date and is INVALID")
-            return True
-        else:
-            log.info(f"User {urs_user_id}s JWT was minted AFTER blacklist date and is still VALID")
-
-    log.info(f"User {urs_user_id} is NOT in the blacklist")
-    return False
+    try:
+        set_jwt_blacklist()
+        urs_user_id = decoded_jwt["urs-user-id"]
+        blacklist = JWT_BLACKLIST["blacklist"]
+        user_blacklist_time = blacklist.get(urs_user_id)
+
+        if user_blacklist_time is not None:
+            jwt_mint_time = decoded_jwt["iat"]
+            log.debug(f"JWT was minted @:  {jwt_mint_time}, the Blacklist is for cookies BEFORE: {user_blacklist_time}")
+
+            if user_blacklist_time >= jwt_mint_time:
+                log.info(f"User {urs_user_id}'s JWT was minted before blacklist date and is INVALID")
+                return True
+            else:
+                log.info(f"User {urs_user_id}s JWT was minted AFTER blacklist date and is still VALID")
+
+        log.info(f"User {urs_user_id} is NOT in the blacklist")
+        return False
+    except Exception:
+        log.debug("Error checking JWT against the blacklist", exc_info=True)
+        return False
 
 
 def set_jwt_blacklist() -> dict:

diff --git a/tests/test_view_util.py b/tests/test_view_util.py
@@ -343,24 +343,6 @@ def test_decode_jwt_payload_blacklist(
     assert decode_jwt_payload(encoded) == payload
 
 
-@mock.patch(f"{MODULE}.is_jwt_blacklisted", autospec=True)
-@mock.patch(f"{MODULE}.get_jwt_keys", autospec=True)
-def test_decode_jwt_payload_blacklist_error(
-    mock_get_jwt_keys,
-    mock_is_jwt_blacklisted,
-    jwt_pub_key,
-    jwt_priv_key,
-    monkeypatch
-):
-    mock_get_jwt_keys.return_value = {"rsa_pub_key": jwt_pub_key}
-    mock_is_jwt_blacklisted.side_effect = Exception("Test exception")
-    monkeypatch.setenv("BLACKLIST_ENDPOINT", "true")
-    payload = {"foo": "bar"}
-
-    encoded = jwt.encode(payload, jwt_priv_key, algorithm="RS256")
-    assert decode_jwt_payload(encoded) == payload
-
-
 @mock.patch(f"{MODULE}.make_jwt_payload", autospec=True)
 @mock.patch(f"{MODULE}.get_cookie_expiration_date_str", autospec=True)
 def test_make_set_cookie_headers_jwt(mock_get_cookie_expiration_date_str, mock_make_jwt_payload):
@@ -395,6 +377,13 @@ def test_is_jwt_blacklisted(jwt_blacklist, mock_set_jwt_blacklist):
     assert is_jwt_blacklisted({"urs-user-id": "other_user", "iat": 10}) is False
 
 
+@mock.patch(f"{MODULE}.set_jwt_blacklist", autospec=True)
+def test_is_jwt_blacklisted_error(mock_set_jwt_blacklist):
+    mock_set_jwt_blacklist.side_effect = Exception("Test exception")
+
+    assert is_jwt_blacklisted({"urs-user-id": "user_id", "iat": 10}) is False
+
+
 @mock.patch(f"{MODULE}.time", autospec=True)
 @mock.patch(f"{MODULE}.urllib.request", autospec=True)
 @mock.patch(f"{MODULE}.JWT_BLACKLIST", new_callable=dict)