diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 0d6f084a318470c21b3adac719565a73ad79216a..9b5c2cc288e2b5011df9cf44d0bb5e926d2f092d 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -90,6 +90,7 @@ tests:
 NOMAD_RABBITMQ_HOST: rabbitmq
 NOMAD_ELASTIC_HOST: elastic
 NOMAD_MONGO_HOST: mongo
+ NOMAD_KEYCLOAK_CLIENT_SECRET: ${CI_KEYCLOAK_TEST_CLIENT_SECRET}
 script:
 - cd /app
 - python -m pytest --cov=nomad -sv tests
diff --git a/nomad/config.py b/nomad/config.py
index 2b6ebe8d065384633b61986e51d8c3660271577f..dd5d8dc99bd9c14c3f397cbb3b53dbb51716ff6f 100644
--- a/nomad/config.py
+++ b/nomad/config.py
@@ -111,14 +111,16 @@ elastic = NomadConfig(
 index_name='nomad_fairdi_calcs'
 )
+keycloak_base_url = 'https://labdev-nomad.esc.rzg.mpg.de/fairdi/keycloak/auth/'
+
 keycloak = NomadConfig(
- server_url='http://localhost:8002/auth/',
- issuer_url='http://localhost:8002/auth/realms/fairdi_nomad_test',
+ server_url=keycloak_base_url,
+ issuer_url=keycloak_base_url + 'realms/fairdi_nomad_test',
 realm_name='fairdi_nomad_test',
 username='admin',
 password='password',
 client_id='nomad_api_dev',
- client_secret_key='ae9bb323-3793-4243-9e4b-f380c54e54e2'
+ client_secret='**********'
 )
 mongo = NomadConfig(
diff --git a/nomad/infrastructure.py b/nomad/infrastructure.py
index 0c26c666b277664e4719b528ca196d1019b25a28..a68a6861aeb63088ff2349b030fc993233ea406d 100644
--- a/nomad/infrastructure.py
+++ b/nomad/infrastructure.py
@@ -27,6 +27,7 @@ from mongoengine import connect
 import smtplib
 from email.mime.text import MIMEText
 from keycloak import KeycloakOpenID, KeycloakAdmin
+from keycloak.exceptions import KeycloakAuthenticationError
 import json
 import jwt
 from flask import g, request
@@ -119,7 +120,7 @@ class Keycloak():
 server_url=config.keycloak.server_url,
 client_id=config.keycloak.client_id,
 realm_name=config.keycloak.realm_name,
- client_secret_key=config.keycloak.client_secret_key)
+ client_secret_key=config.keycloak.client_secret)
 return self.__oidc_client
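Review bot: The `script` entry right below the new `NOMAD_KEYCLOAK_CLIENT_SECRET` variable runs pytest with `-sv`, so output capture is off and anything a test or the application prints about its configuration lands in the job log. That is only safe if `CI_KEYCLOAK_TEST_CLIENT_SECRET` is defined as a masked CI/CD variable, which this file cannot show. I would add a comment above the entry, `# CI_KEYCLOAK_TEST_CLIENT_SECRET must be a masked CI/CD variable; pytest runs with -s`. When the variable is not available to a pipeline, the job presumably runs with an empty or placeholder secret, so the resulting failure should be made explicit rather than left to surface as an authentication error inside a test.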
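Review bot: `username='admin'` and `password='password'` stay as built-in defaults in the `keycloak` block while `server_url` now defaults to a remote host instead of localhost, so an installation that overrides nothing would present a guessable admin pair to a network-reachable Keycloak wherever these values are used. I would default both to `None` and fail at startup when they are unset, and do the same for the secret, `client_secret=None`, because `'**********'` is a non-empty string that only shows up as an authentication error at request time. The literal removed on the `client_secret_key` line stays in the repository history; if it was ever valid outside a local test realm (not visible from this hunk) it should be rotated. The rename to `client_secret` also means an existing override under the old key name would silently stop applying.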
@@ -162,8 +163,10 @@ class Keycloak():
 username, password = basicauth.decode(auth)
 token_info = self._oidc_client.token(username=username, password=password)
 g.oidc_access_token = token_info['access_token']
+ except KeycloakAuthenticationError:
+ return 'Could not authenticate, wrong credentials'
 except Exception as e:
- # TODO logging
+ logger.error('Could not authenticate Basic auth', exc_info=e)
 return 'Could not authenticate Basic auth: %s' % str(e)
 if g.oidc_access_token is not None:
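Review bot: The generic `except Exception` branch still returns `'Could not authenticate Basic auth: %s' % str(e)` to the caller, so library or transport error text (possibly including the Keycloak URL or a response body) reaches an unauthenticated client. Now that the exception is logged, the response can be a fixed string, `return 'Could not authenticate Basic auth'`. `logger` is not defined anywhere in this hunk; if the module has no module-level logger, the new line raises `NameError` inside the handler, so confirm it exists. The enclosing method starts and ends outside the hunk, so how the returned string becomes an HTTP status is not visible here.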