Fixed uncaught exception from oic.provider.Provider.auth_init

Close #562
CZ-NIC · Aug 17, 2018 · 4f84cfe · 4f84cfe
1 parent 1f357f4
commit 4f84cfe
Show file tree

Hide file tree

Showing 3 changed files with 24 additions and 0 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -10,9 +10,11 @@ The format is based on the [KeepAChangeLog] project.
 ### Fixed
 - [#553] Made sure a reload would not lead to duplicated keys in a keybundle.
 - [#557] Fixed PKCE verification
+- [#562] Fixed error response from oic request with invalid params
 
 [#553]: https://github.com/OpenIDC/pyoidc/pull/553
 [#557]: https://github.com/OpenIDC/pyoidc/pull/557
+[#562]: https://github.com/OpenIDC/pyoidc/issues/562
 
 ## 0.14.0 [2018-05-15]
 

diff --git a/src/oic/oic/provider.py b/src/oic/oic/provider.py
@@ -703,6 +703,13 @@ def filter_request(self, req):
 
         return req
 
+    def auth_init(self, request, request_class=AuthorizationRequest):
+        """Overriden since the filter_request can throw an InvalidRequest."""
+        try:
+            return super(Provider, self).auth_init(request, request_class)
+        except InvalidRequest as err:
+            return error_response('invalid_request', '%s' % err)
+
     def authorization_endpoint(self, request="", cookie=None, **kwargs):
         """ The AuthorizationRequest endpoint
 

diff --git a/tests/test_oic_provider.py b/tests/test_oic_provider.py
@@ -45,6 +45,7 @@
 from oic.utils.authn.client import verify_client
 from oic.utils.authn.user import UserAuthnMethod
 from oic.utils.authz import AuthzHandling
+from oic.utils.http_util import Response
 from oic.utils.http_util import SeeOther
 from oic.utils.keyio import KeyBundle
 from oic.utils.keyio import KeyJar
@@ -926,6 +927,20 @@ def test_response_mode_form_post(self):
         assert 'http://example.com' in response.message
         assert '<input type="hidden" name="state" value="state"/>' in response.message
 
+    def test_auth_init_invalid(self):
+        areq = {'response_mode': 'unknown',
+                'redirect_uri': 'http://localhost:8087/authz',
+                'client_id': 'number5',
+                'scope': 'openid',
+                'response_type': 'code',
+                'client_secret': 'drickyoghurt'}
+        response = self.provider.auth_init(areq)
+
+        assert isinstance(response, Response)
+        assert response.status_code == 400
+        assert json.loads(response.message) == {'error': 'invalid_request',
+                                                'error_description': 'Contains unsupported response mode'}
+
     @patch('oic.oic.provider.utc_time_sans_frac', Mock(return_value=123456))
     def test_client_secret_expiration_time(self):
         exp_time = self.provider.client_secret_expiration_time()