CGM_Public/pretix_cgo
1
0
Fork 0
forked from CGM_Public/pretix_original
Code Pull Requests Actions Activity

OIDC client: Add more logging

Browse Source
This commit is contained in:
Raphael Michel
2025-08-05 09:48:16 +02:00
parent 3a6d7b8e92
commit a3b1e4d208
1 changed files with 11 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
src/pretix/base/customersso/oidc.py
View File

@@ -199,6 +199,7 @@ def oidc_validate_authorization(provider, code, redirect_uri, pkce_code_verifier
params['client_id'] = provider.configuration['client_id'] params['client_id'] = provider.configuration['client_id']
params['client_secret'] = provider.configuration['client_secret'] params['client_secret'] = provider.configuration['client_secret']
resp = None
try: try:
resp = requests.post( resp = requests.post(
endpoint, endpoint,
@@ -214,7 +215,10 @@ def oidc_validate_authorization(provider, code, redirect_uri, pkce_code_verifier
resp.raise_for_status() resp.raise_for_status()
data = resp.json() data = resp.json()
except RequestException: except RequestException:
logger.exception('Could not retrieve authorization token') if resp:
logger.exception(f'Could not retrieve authorization token. Response: {resp.text}')
else:
logger.exception('Could not retrieve authorization token')
raise ValidationError( raise ValidationError(
_('Login was not successful. Error message: "{error}".').format( _('Login was not successful. Error message: "{error}".').format(
error='could not reach login provider', error='could not reach login provider',
@@ -222,6 +226,7 @@ def oidc_validate_authorization(provider, code, redirect_uri, pkce_code_verifier
) )
if 'access_token' not in data: if 'access_token' not in data:
logger.error(f'Could not find access token. Response: {data}')
raise ValidationError( raise ValidationError(
_('Login was not successful. Error message: "{error}".').format( _('Login was not successful. Error message: "{error}".').format(
error='access token missing', error='access token missing',
@@ -229,6 +234,7 @@ def oidc_validate_authorization(provider, code, redirect_uri, pkce_code_verifier
) )
endpoint = provider.configuration['provider_config']['userinfo_endpoint'] endpoint = provider.configuration['provider_config']['userinfo_endpoint']
resp = None
try: try:
# https://openid.net/specs/openid-connect-core-1_0.html#UserInfo # https://openid.net/specs/openid-connect-core-1_0.html#UserInfo
resp = requests.get( resp = requests.get(
@@ -240,7 +246,10 @@ def oidc_validate_authorization(provider, code, redirect_uri, pkce_code_verifier
resp.raise_for_status() resp.raise_for_status()
userinfo = resp.json() userinfo = resp.json()
except RequestException: except RequestException:
logger.exception('Could not retrieve user info') if resp:
logger.exception(f'Could not retrieve user info. Response: {resp.text}')
else:
logger.exception('Could not retrieve user info')
raise ValidationError( raise ValidationError(
_('Login was not successful. Error message: "{error}".').format( _('Login was not successful. Error message: "{error}".').format(
error='could not fetch user info', error='could not fetch user info',