Merge branch 'master' into PS-4716-3888

lemur/auth/views.py

@@ -21,6 +21,7 @@
 from flask_principal import Identity, identity_changed
 
 from lemur.constants import SUCCESS_METRIC_STATUS, FAILURE_METRIC_STATUS
+from lemur.exceptions import TokenExchangeFailed
 from lemur.extensions import metrics
 from lemur.common.utils import get_psuedo_random_string, get_state_token_secret
 
@@ -80,8 +81,24 @@ def exchange_for_access_token(
         r = requests.post(
             access_token_url, headers=headers, data=params, verify=verify_cert
         )
-    id_token = r.json()["id_token"]
-    access_token = r.json()["access_token"]
+
+    response = r.json()
+
+    if not r.ok or "error" in response:
+        raise TokenExchangeFailed(response.get("error", "Unknown error"), response.get("error_description", ""))
+
+    id_token = response.get("id_token")
+    access_token = response.get("access_token")
+
+    if id_token is None or access_token is None:
+        error = "missing tokens"
+        missing_tokens = []
+        if id_token is None:
+            missing_tokens.append("id_token is missing")
+        if access_token is None:
+            missing_tokens.append("access_token is missing")
+        description = " and ".join(missing_tokens)
+        raise TokenExchangeFailed(error, description)
 
     return id_token, access_token
 

lemur/common/schema.py

@@ -156,6 +156,12 @@ def decorated_function(*args, **kwargs):
 
             try:
                 resp = f(*args, **kwargs)
+            except KeyError as e:
+                capture_exception()
+                current_app.logger.exception(e)
+                missing_field = str(e).replace("'", "")  # This removes quotes around the missing key
+                msg = f"`{missing_field}` is required but is missing or not configured.  Please provide and try again."
+                return dict(message=msg), 500
             except Exception as e:
                 capture_exception()
                 current_app.logger.exception(e)

lemur/exceptions.py

@@ -36,6 +36,15 @@ def __str__(self):
         )
 
 
+class TokenExchangeFailed(LemurException):
+    def __init__(self, error, description):
+        self.error = error
+        self.description = description
+
+    def __str__(self):
+        return f'Token exchange failed with {self.error}. {self.description}'
+
+
 class AttrNotFound(LemurException):
     def __init__(self, field):
         self.field = field

lemur/factory.py

@@ -158,7 +158,7 @@ def configure_extensions(app):
     :param app:
     """
     db.init_app(app)
-    migrate.init_app(app, db)
+    migrate.init_app(app, db, app.config.get("FLASK_MIGRATIONS_PATH", "migrations"))
     principal.init_app(app)
     smtp_mail.init_app(app)
     metrics.init_app(app)

requirements-dev.txt

@@ -14,7 +14,7 @@ cfgv==3.3.1
     # via pre-commit
 charset-normalizer==3.1.0
     # via requests
-cryptography==41.0.3
+cryptography==41.0.4
     # via secretstorage
 distlib==0.3.6
     # via virtualenv

requirements-docs.txt

@@ -56,13 +56,13 @@ blinker==1.6.2
     #   flask
     #   flask-mail
     #   flask-principal
-boto3==1.28.44
+boto3==1.28.54
     # via
     #   -r requirements-docs.in
     #   -r requirements-tests.txt
     #   aws-sam-translator
     #   moto
-botocore==1.31.44
+botocore==1.31.54
     # via
     #   -r requirements-docs.in
     #   -r requirements-tests.txt
@@ -111,7 +111,7 @@ click-plugins==1.1.1
     # via celery
 click-repl==0.3.0
     # via celery
-cloudflare==2.11.7
+cloudflare==2.12.4
     # via -r requirements-docs.in
 configargparse==1.5.3
     # via
@@ -123,7 +123,7 @@ configobj==5.0.8
     #   certbot
 coverage==7.3.1
     # via -r requirements-tests.txt
-cryptography==41.0.3
+cryptography==41.0.4
     # via
     #   -r requirements-docs.in
     #   -r requirements-tests.txt
@@ -162,7 +162,7 @@ ecdsa==0.18.0
     #   sshpubkeys
 factory-boy==3.3.0
     # via -r requirements-tests.txt
-faker==19.6.0
+faker==19.6.2
     # via
     #   -r requirements-tests.txt
     #   factory-boy
@@ -328,7 +328,7 @@ mdurl==0.1.2
     # via
     #   -r requirements-tests.txt
     #   markdown-it-py
-moto[all]==4.2.2
+moto[all]==4.2.4
     # via -r requirements-tests.txt
 mpmath==1.3.0
     # via
@@ -392,7 +392,7 @@ pluggy==1.2.0
     #   pytest
 prompt-toolkit==3.0.38
     # via click-repl
-py-partiql-parser==0.3.6
+py-partiql-parser==0.3.7
     # via
     #   -r requirements-tests.txt
     #   moto
@@ -540,7 +540,7 @@ sarif-om==1.0.4
     # via
     #   -r requirements-tests.txt
     #   cfn-lint
-sentry-sdk==1.30.0
+sentry-sdk==1.31.0
     # via -r requirements-docs.in
 six==1.16.0
     # via
@@ -566,7 +566,7 @@ sortedcontainers==2.4.0
     #   fakeredis
 soupsieve==2.4.1
     # via beautifulsoup4
-sphinx==7.2.5
+sphinx==7.2.6
     # via
     #   -r requirements-docs.in
     #   sphinx-rtd-theme

requirements-tests.in

@@ -14,7 +14,7 @@ itsdangerous
 jinja2
 marshmallow-sqlalchemy == 0.23.1 #related to the marshmallow issue (to avoid conflicts)
 marshmallow<2.21.1 #schema duplicate issues https://github.com/marshmallow-code/marshmallow-sqlalchemy/issues/121
-moto[all] == 4.2.2 # 3.1.2 breaks ELBv2 tests
+moto[all] == 4.2.4 # 3.1.2 breaks ELBv2 tests
 nose
 pyflakes
 pytest

requirements-tests.txt

@@ -23,11 +23,11 @@ black==23.9.1
     # via -r requirements-tests.in
 blinker==1.6.2
     # via flask
-boto3==1.28.44
+boto3==1.28.54
     # via
     #   aws-sam-translator
     #   moto
-botocore==1.31.44
+botocore==1.31.54
     # via
     #   aws-xray-sdk
     #   boto3
@@ -53,7 +53,7 @@ configobj==5.0.8
     # via certbot
 coverage==7.3.1
     # via -r requirements-tests.in
-cryptography==41.0.3
+cryptography==41.0.4
     # via
     #   acme
     #   certbot
@@ -73,7 +73,7 @@ ecdsa==0.18.0
     #   sshpubkeys
 factory-boy==3.3.0
     # via -r requirements-tests.in
-faker==19.6.0
+faker==19.6.2
     # via
     #   -r requirements-tests.in
     #   factory-boy
@@ -158,7 +158,7 @@ marshmallow-sqlalchemy==0.23.1
     # via -r requirements-tests.in
 mdurl==0.1.2
     # via markdown-it-py
-moto[all]==4.2.2
+moto[all]==4.2.4
     # via -r requirements-tests.in
 mpmath==1.3.0
     # via sympy
@@ -192,7 +192,7 @@ platformdirs==3.8.0
     # via black
 pluggy==1.2.0
     # via pytest
-py-partiql-parser==0.3.6
+py-partiql-parser==0.3.7
     # via moto
 pyasn1==0.5.0
     # via

requirements.txt

@@ -35,9 +35,9 @@ blinker==1.6.2
     #   flask
     #   flask-mail
     #   flask-principal
-boto3==1.28.44
+boto3==1.28.54
     # via -r requirements.in
-botocore==1.31.44
+botocore==1.31.54
     # via
     #   -r requirements.in
     #   boto3
@@ -72,13 +72,13 @@ click-plugins==1.1.1
     # via celery
 click-repl==0.3.0
     # via celery
-cloudflare==2.11.7
+cloudflare==2.12.4
     # via -r requirements.in
 configargparse==1.5.3
     # via certbot
 configobj==5.0.8
     # via certbot
-cryptography==41.0.3
+cryptography==41.0.4
     # via
     #   -r requirements.in
     #   acme
@@ -251,7 +251,7 @@ retrying==1.3.4
     # via -r requirements.in
 s3transfer==0.6.1
     # via boto3
-sentry-sdk==1.30.0
+sentry-sdk==1.31.0
     # via -r requirements.in
 six==1.16.0
     # via