Merge remote-tracking branch 'refs/remotes/drebs/bug/5191_fix-raise-of-auth-token-error' into develop

3 files changed, 16 insertions, 26 deletions

diff --git a/common/src/leap/soledad/common/errors.py b/common/src/leap/soledad/common/errors.py
index 446c4c75..3a7eadd2 100644
--- a/common/src/leap/soledad/common/errors.py
+++ b/common/src/leap/soledad/common/errors.py
@@ -51,23 +51,15 @@ class SoledadError(errors.U1DBError):
 #
 
 @register_exception
-class MissingAuthTokenError(errors.Unauthorized):
-    """
-    Exception raised when failing to get authorization for some action because
-    the auth token is missing in the tokens db.
-    """
-
-    wire_description = "missing token"
-    status = 401
-
-@register_exception
 class InvalidAuthTokenError(errors.Unauthorized):
     """
     Exception raised when failing to get authorization for some action because
-    the provided token is different from the one in the tokens db.
+    the provided token either does not exist in the tokens database, has a
+    distinct structure from the expected one, or is associated with a user
+    with a distinct uuid than the one provided by the client.
     """
 
-    wire_descrition = "token mismatch"
+    wire_descrition = "invalid auth token"
     status = 401
 
 #
diff --git a/server/changes/bug_5191_fix-raise-of-auth-token-errors b/server/changes/bug_5191_fix-raise-of-auth-token-errors
new file mode 100644
index 00000000..4e3b08ad
--- /dev/null
+++ b/server/changes/bug_5191_fix-raise-of-auth-token-errors
@@ -0,0 +1 @@
+  o Fix raising of auth token errors (#5191).
diff --git a/server/src/leap/soledad/server/auth.py b/server/src/leap/soledad/server/auth.py
index 11805005..e9d2b032 100644
--- a/server/src/leap/soledad/server/auth.py
+++ b/server/src/leap/soledad/server/auth.py
@@ -25,7 +25,7 @@ import httplib
 import simplejson as json
 
 
-from u1db import DBNAME_CONSTRAINTS
+from u1db import DBNAME_CONSTRAINTS, errors as u1db_errors
 from abc import ABCMeta, abstractmethod
 from routes.mapper import Mapper
 from couchdb.client import Server
@@ -36,8 +36,8 @@ from leap.soledad.common import (
     SHARED_DB_NAME,
     SHARED_DB_LOCK_DOC_ID_PREFIX,
     USER_DB_PREFIX,
-    errors,
 )
+from leap.soledad.common.errors import InvalidAuthTokenError
 
 
 class URLToAuthorization(object):
@@ -275,7 +275,7 @@ class SoledadAuthMiddleware(object):
                 return self._unauthorized_error(
                     start_response,
                     self._get_auth_error_string())
-        except Unauthorized as e:
+        except u1db_errors.Unauthorized as e:
             return self._error(
                 start_response,
                 401,
@@ -392,16 +392,14 @@ class SoledadTokenAuthMiddleware(SoledadAuthMiddleware):
         """
         token = auth_data  # we expect a cleartext token at this point
         try:
-            return self._verify_token_in_couchdb(uuid, token)
-        except MissingAuthTokenError():
-            raise
-        except TokenMismatchError():
+            return self._verify_token_in_couch(uuid, token)
+        except InvalidAuthTokenError:
             raise
         except Exception as e:
             log.err(e)
             return False
 
-    def _verify_token_in_couchdb(self, uuid, token):
+    def _verify_token_in_couch(self, uuid, token):
         """
         Query couchdb to decide if C{token} is valid for C{uuid}.
 
@@ -410,17 +408,16 @@ class SoledadTokenAuthMiddleware(SoledadAuthMiddleware):
         @param token: The token.
         @type token: str
 
-        @raise MissingAuthTokenError: Raised when given token is missing in
-                                      tokens db.
-        @raise InvalidAuthTokenError: Raised when token is invalid.
+        @raise InvalidAuthTokenError: Raised when token received from user is
+                                      either missing in the tokens db or is
+                                      invalid.
         """
         server = Server(url=self._app.state.couch_url)
         dbname = self.TOKENS_DB
         db = server[dbname]
         token = db.get(token)
-        if token is None:
-            raise MissingAuthTokenError()
-        if token[self.TOKENS_TYPE_KEY] != self.TOKENS_TYPE_DEF or \
+        if token is None or \
+                token[self.TOKENS_TYPE_KEY] != self.TOKENS_TYPE_DEF or \
                 token[self.TOKENS_USER_ID_KEY] != uuid:
             raise InvalidAuthTokenError()
         return True