From 6e04057488aadd72606feec504efe5d0b45a52c4 Mon Sep 17 00:00:00 2001 From: Bryan Wilson Date: Mon, 3 Jul 2023 14:53:22 -0700 Subject: [PATCH] Allow user patch API 404 exceptions for superusers. Addresses issue with Appsembler superuser users who are associated with a different Tenant than the one being used. Helps keep from having to proliferate a ton of admin accounts just to match with each customer Tenant. --- tahoe_idp/api.py | 30 ++++++++++++++++++++++++------ 1 file changed, 24 insertions(+), 6 deletions(-) diff --git a/tahoe_idp/api.py b/tahoe_idp/api.py index 512591a..4f05cde 100644 --- a/tahoe_idp/api.py +++ b/tahoe_idp/api.py @@ -12,9 +12,11 @@ * For breaking changes, new functions should be created """ +import contextlib from datetime import datetime import logging import pytz +from requests import exceptions as requests_exceptions from social_django.models import UserSocialAuth from urllib.parse import urlencode @@ -26,6 +28,21 @@ log = logging.getLogger(__name__) +@contextlib.contextmanager +def with_user_api_allowed_error_conditions(user): + """API function context manager to handle allowable error conditions.""" + + try: + yield + except requests_exceptions.HTTPError: + # Superusers may be associated with Tenants other than the one + # matching the domain in the request context. + if user.is_superuser: + log.info('Catching 404 from IdP for Tahoe superuser {}'.format(user.username)) + else: + raise + + def request_password_reset(email): """ Start password reset email for Username|Password Database Connection users. @@ -92,12 +109,13 @@ def update_user(user, properties): if idp_user_id is None: return - client_response = api_client.patch_user( - user_id=idp_user_id, - request=properties, - ) - http_response = helpers.get_successful_fusion_auth_http_response(client_response) - return http_response + with with_user_api_allowed_error_conditions(user): + client_response = api_client.patch_user( + user_id=idp_user_id, + request=properties, + ) + http_response = helpers.get_successful_fusion_auth_http_response(client_response) + return http_response def update_user_email(user, email, set_email_as_verified=False):