From e554244fa2fc8e9f6c5e153e3b6bb5b2c4eb97c9 Mon Sep 17 00:00:00 2001
From: Patrick Talbert <ptalbert@redhat.com>
Date: Jun 30 2021 12:48:41 +0000
Subject: Better handle error response from Kerberos servers


When a 401 response code is returned from the kerberos server the payload
is not necessarily json formatted. To account for this, wrap the
resp.json().get() call in a try/except block.

Signed-off-by: Patrick Talbert <ptalbert@redhat.com>

---

diff --git a/waiverdb/cli.py b/waiverdb/cli.py
index d17a8cb..c8d072c 100644
--- a/waiverdb/cli.py
+++ b/waiverdb/cli.py
@@ -297,11 +297,15 @@ def cli(username, comment, waived, product_version, testcase, scenario, subject,
         resp = requests.request(
             'POST', url, auth=auth, **common_request_arguments)
         if resp.status_code == 401:
-            msg = resp.json().get(
-                'message', ('WaiverDB authentication using GSSAPI failed. Make sure you have a '
-                            'valid Kerberos ticket or that you correctly configured your Kerberos '
-                            'configuration file. Please check the doc for troubleshooting '
-                            'information.'))
+            failure_msg = ('WaiverDB authentication using GSSAPI failed. Make sure you have a '
+                           'valid Kerberos ticket or that you correctly configured your Kerberos '
+                           'configuration file. Please check the doc for troubleshooting '
+                           'information.')
+            failure_msg += '\nServer response: {}'.format(resp.text)
+            try:
+                msg = resp.json().get('message', failure_msg)
+            except json.JSONDecodeError:
+                msg = failure_msg
             raise click.ClickException(msg)
         check_response(resp, result_ids)
     elif auth_method == 'dummy':