Propagate redirect exceptions to the client

When a developer is implementing an Authentication plugin, in some cases (like an OpenID Connect plugin) it is needed to perform a redirect to the provider to complete the flow. This was possible in the past (before moving to Flask) by raising an exception with the proper HTTP code set, but the framework change made this possibility not available anymore. Closes-Bug: #1854041 Co-authored-by: Alvaro Lopez Garcia <aloga@ifca.unican.es> Change-Id: I333eb15c66f37207e6937d0cb3a80f26cf9bebfc
2019-11-21 11:34:40 +00:00 · 2019-11-21 11:34:40 +00:00 · 1c106f48b0
parent 262d763f79
commit 1c106f48b0
2 changed files with 20 additions and 0 deletions
--- a/keystone/exception.py
+++ b/keystone/exception.py
@ -755,3 +755,20 @@ class OAuth2OtherError(OAuth2Error):
    def __init__(self, code, title, message):
        error_title = 'other_error'
        super().__init__(code, title, error_title, message)
+
+
+class RedirectRequired(Exception):
+    """Error class for redirection.
+
+    Child classes should define an HTTP redirect url
+    message_format.
+
+    """
+
+    redirect_url = None
+    code = http.client.FOUND
+
+    def __init__(self, redirect_url, **kwargs):
+        self.redirect_url = redirect_url
+
+        super(RedirectRequired, self).__init__(**kwargs)
--- a/keystone/server/flask/application.py
+++ b/keystone/server/flask/application.py
@ -78,6 +78,9 @@ def _handle_keystone_exception(error):
    elif isinstance(error, exception.OAuth2Error):
        return oauth2_handlers.build_response(error)

+    if isinstance(error, exception.RedirectRequired):
+        return flask.redirect(error.redirect_url)
+
    # Handle logging
    if isinstance(error, exception.Unauthorized):
        LOG.warning(