From bbec287c173bf9aefbe5d5e5209154c3a2dfb44b Mon Sep 17 00:00:00 2001
From: Chenxiong Qi <cqi@redhat.com>
Date: Nov 28 2018 07:49:28 +0000
Subject: Use werkzeug.exceptions.Unauthorized instead


The issue this patch fixes is same as freshmaker#0c11b0e. Please refer
to that commit message to see detailed info.

Signed-off-by: Chenxiong Qi <cqi@redhat.com>

---

diff --git a/server/odcs/server/__init__.py b/server/odcs/server/__init__.py
index a436880..790e9c4 100644
--- a/server/odcs/server/__init__.py
+++ b/server/odcs/server/__init__.py
@@ -26,12 +26,12 @@ from logging import getLogger
 from flask import Flask, jsonify
 from flask_login import LoginManager
 from flask_sqlalchemy import SQLAlchemy
-from werkzeug.exceptions import BadRequest
+from werkzeug.exceptions import BadRequest, Unauthorized
 
 from odcs.server.logger import init_logging
 from odcs.server.config import init_config
 from odcs.server.proxy import ReverseProxy
-from odcs.server.errors import NotFound, Unauthorized, Forbidden
+from odcs.server.errors import NotFound, Forbidden
 
 import pkg_resources
 
@@ -77,7 +77,7 @@ def notfound_error(e):
 @app.errorhandler(Unauthorized)
 def unauthorized_error(e):
     """Flask error handler for Unauthorized exceptions"""
-    return json_error(401, 'Unauthorized', e.args[0])
+    return json_error(401, 'Unauthorized', e.description)
 
 
 @app.errorhandler(Forbidden)
diff --git a/server/odcs/server/auth.py b/server/odcs/server/auth.py
index 5c18f12..eb9ab13 100644
--- a/server/odcs/server/auth.py
+++ b/server/odcs/server/auth.py
@@ -32,8 +32,9 @@ from itertools import chain
 from flask import g
 from flask_login import login_required as _login_required
 
+from werkzeug.exceptions import Unauthorized
 from odcs.server import conf, log
-from odcs.server.errors import Unauthorized, Forbidden
+from odcs.server.errors import Forbidden
 from odcs.server.models import User
 from odcs.server.models import commit_on_success
 
diff --git a/server/odcs/server/errors.py b/server/odcs/server/errors.py
index c241c5a..73e9e82 100644
--- a/server/odcs/server/errors.py
+++ b/server/odcs/server/errors.py
@@ -30,9 +30,5 @@ class BadRequest(ValueError):
     pass
 
 
-class Unauthorized(ValueError):
-    pass
-
-
 class Forbidden(ValueError):
     pass
diff --git a/server/tests/test_auth.py b/server/tests/test_auth.py
index c35a722..29f93fa 100644
--- a/server/tests/test_auth.py
+++ b/server/tests/test_auth.py
@@ -29,6 +29,7 @@ from mock import patch, Mock
 
 import odcs.server.auth
 
+from werkzeug.exceptions import Unauthorized
 from odcs.server.auth import init_auth
 from odcs.server.auth import load_krb_user_from_request
 from odcs.server.auth import load_openidc_user
@@ -36,7 +37,6 @@ from odcs.server.auth import query_ldap_groups
 from odcs.server.auth import require_scopes
 from odcs.server.auth import load_krb_or_ssl_user_from_request
 from odcs.server.auth import load_ssl_user_from_request
-from odcs.server.errors import Unauthorized
 from odcs.server.errors import Forbidden
 from odcs.server import app, conf, db
 from odcs.server.models import User
@@ -94,7 +94,8 @@ class TestLoadSSLUserFromRequest(ModelsBaseTest):
         with app.test_request_context(environ_base=environ_base):
             with self.assertRaises(Unauthorized) as ctx:
                 load_ssl_user_from_request(flask.request)
-            self.assertTrue('Cannot verify client: GENEROUS' in ctx.exception.args)
+            self.assertIn('Cannot verify client: GENEROUS',
+                          ctx.exception.description)
 
     def test_401_if_cn_not_set(self):
         environ_base = {
@@ -104,7 +105,8 @@ class TestLoadSSLUserFromRequest(ModelsBaseTest):
         with app.test_request_context(environ_base=environ_base):
             with self.assertRaises(Unauthorized) as ctx:
                 load_ssl_user_from_request(flask.request)
-            self.assertTrue('Unable to get user information (DN) from client certificate' in ctx.exception.args)
+            self.assertIn('Unable to get user information (DN) from client certificate',
+                          ctx.exception.description)
 
 
 class TestLoadKrbOrSSLUserFromRequest(unittest.TestCase):
@@ -192,7 +194,8 @@ class TestLoadKrbUserFromRequest(ModelsBaseTest):
         with app.test_request_context():
             with self.assertRaises(Unauthorized) as ctx:
                 load_krb_user_from_request(flask.request)
-            self.assertTrue('REMOTE_USER is not present in request.' in ctx.exception.args)
+            self.assertIn('REMOTE_USER is not present in request.',
+                          ctx.exception.description)
 
 
 class TestLoadOpenIDCUserFromRequest(ModelsBaseTest):
@@ -325,7 +328,8 @@ class TestLoadOpenIDCUserFromRequest(ModelsBaseTest):
             with app.test_request_context(environ_base=environ_base):
                 with self.assertRaises(Unauthorized) as ctx:
                     load_openidc_user(flask.request)
-                self.assertTrue('Required OIDC scope new-compose not present.' in ctx.exception.args)
+                self.assertIn('Required OIDC scope new-compose not present.',
+                              ctx.exception.description)
 
 
 class TestQueryLdapGroups(unittest.TestCase):