From ed57cffff75db5adb9cb842bd015448ff0a7aacd Mon Sep 17 00:00:00 2001
From: Markus Scheidgen <markus.scheidgen@gmail.com>
Date: Wed, 28 Aug 2019 12:34:30 +0200
Subject: [PATCH] Run tests against the keycloak on labdev.

---
 .gitlab-ci.yml          | 1 +
 nomad/config.py         | 8 +++++---
 nomad/infrastructure.py | 7 +++++--
 3 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 0d6f084a31..9b5c2cc288 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -90,6 +90,7 @@ tests:
     NOMAD_RABBITMQ_HOST: rabbitmq
     NOMAD_ELASTIC_HOST: elastic
     NOMAD_MONGO_HOST: mongo
+    NOMAD_KEYCLOAK_CLIENT_SECRET: ${CI_KEYCLOAK_TEST_CLIENT_SECRET}
   script:
     - cd /app
     - python -m pytest --cov=nomad -sv tests
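Review bot: The job runs pytest with `-sv`, which disables output capture, so anything a test or fixture prints from the configuration, including the value injected as `NOMAD_KEYCLOAK_CLIENT_SECRET`, ends up in the job log. `CI_KEYCLOAK_TEST_CLIENT_SECRET` should therefore be defined as a masked variable in the project's CI settings; whether it is cannot be seen from this hunk. A comment above the added line, such as `# masked CI variable, must never be echoed by the script`, would record that expectation. The tests also now depend on the labdev Keycloak being reachable from the runner, which is worth stating in the job description.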
diff --git a/nomad/config.py b/nomad/config.py
index 2b6ebe8d06..dd5d8dc99b 100644
--- a/nomad/config.py
+++ b/nomad/config.py
@@ -111,14 +111,16 @@ elastic = NomadConfig(
     index_name='nomad_fairdi_calcs'
 )
 
+keycloak_base_url = 'https://labdev-nomad.esc.rzg.mpg.de/fairdi/keycloak/auth/'
+
 keycloak = NomadConfig(
-    server_url='http://localhost:8002/auth/',
-    issuer_url='http://localhost:8002/auth/realms/fairdi_nomad_test',
+    server_url=keycloak_base_url,
+    issuer_url=keycloak_base_url + 'realms/fairdi_nomad_test',
     realm_name='fairdi_nomad_test',
     username='admin',
     password='password',
     client_id='nomad_api_dev',
-    client_secret_key='ae9bb323-3793-4243-9e4b-f380c54e54e2'
+    client_secret='**********'
 )
 
 mongo = NomadConfig(
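Review bot: The client secret removed on the old `client_secret_key=` line stays readable in the repository history, so it should be rotated in Keycloak if it was ever valid anywhere other than a throwaway local instance. The defaults now point at a network-reachable server while `username='admin'` and `password='password'` remain hard-coded. If those credentials are accepted on labdev, they should be supplied from the environment in the same way as the secret. The `'**********'` placeholder makes a missing `NOMAD_KEYCLOAK_CLIENT_SECRET` surface late as an authentication failure. A default of `client_secret=None` with an explicit check where the OIDC client is created would fail earlier and with a clearer message.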
diff --git a/nomad/infrastructure.py b/nomad/infrastructure.py
index 0c26c666b2..a68a6861ae 100644
--- a/nomad/infrastructure.py
+++ b/nomad/infrastructure.py
@@ -27,6 +27,7 @@ from mongoengine import connect
 import smtplib
 from email.mime.text import MIMEText
 from keycloak import KeycloakOpenID, KeycloakAdmin
+from keycloak.exceptions import KeycloakAuthenticationError
 import json
 import jwt
 from flask import g, request
@@ -119,7 +120,7 @@ class Keycloak():
                 server_url=config.keycloak.server_url,
                 client_id=config.keycloak.client_id,
                 realm_name=config.keycloak.realm_name,
-                client_secret_key=config.keycloak.client_secret_key)
+                client_secret_key=config.keycloak.client_secret)
 
         return self.__oidc_client
 
@@ -162,8 +163,10 @@ class Keycloak():
                 username, password = basicauth.decode(auth)
                 token_info = self._oidc_client.token(username=username, password=password)
                 g.oidc_access_token = token_info['access_token']
+            except KeycloakAuthenticationError:
+                return 'Could not authenticate, wrong credentials'
             except Exception as e:
-                # TODO logging
+                logger.error('Could not authenticate Basic auth', exc_info=e)
                 return 'Could not authenticate Basic auth: %s' % str(e)
 
         if g.oidc_access_token is not None:
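Review bot: The generic `except Exception` branch still returns `str(e)` to the caller, which can expose internal details such as the server URL or library error text to an unauthenticated client. Now that the exception is logged, the response can be a fixed string, e.g. `return 'Could not authenticate Basic auth'`. The new `KeycloakAuthenticationError` branch logs nothing, so repeated failed logins leave no trace for detection; adding `logger.warning('Basic auth failed: wrong credentials')` before its return would cover that. `logger` is not defined in the visible lines, so confirm it is in scope in this method, which starts and ends outside the hunk.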
-- 
GitLab