folio-org · yauhen-vavilkin · Oct 24, 2024 · Oct 24, 2024 · Oct 24, 2024 · Oct 24, 2024
@@ -11,12 +11,14 @@
 import static org.folio.login.domain.dto.ErrorCode.TOKEN_LOGOUT_UNPROCESSABLE;
 import static org.folio.login.domain.dto.ErrorCode.TOKEN_PARSE_FAILURE;
 import static org.folio.login.domain.dto.ErrorCode.TOKEN_REFRESH_UNPROCESSABLE;
+import static org.folio.login.domain.dto.ErrorCode.UNAUTHORIZED_ERROR;
 import static org.folio.login.domain.dto.ErrorCode.UNKNOWN_ERROR;
 import static org.folio.login.domain.dto.ErrorCode.VALIDATION_ERROR;
 import static org.springframework.http.HttpStatus.BAD_REQUEST;
 import static org.springframework.http.HttpStatus.INTERNAL_SERVER_ERROR;
 import static org.springframework.http.HttpStatus.NOT_FOUND;
 import static org.springframework.http.HttpStatus.NOT_IMPLEMENTED;
+import static org.springframework.http.HttpStatus.UNAUTHORIZED;
 import static org.springframework.http.HttpStatus.UNPROCESSABLE_ENTITY;
 
 import jakarta.persistence.EntityExistsException;
@@ -38,6 +40,7 @@
 import org.folio.login.exception.TokenLogoutException;
 import org.folio.login.exception.TokenParsingException;
 import org.folio.login.exception.TokenRefreshException;
+import org.folio.login.exception.UnauthorizedException;
 import org.folio.spring.cql.CqlQueryValidationException;
 import org.folio.spring.exception.NotFoundException;
 import org.springframework.dao.InvalidDataAccessApiUsageException;
@@ -298,6 +301,12 @@ public ResponseEntity<ErrorResponse> handleAllOtherExceptions(Exception exceptio
     return buildResponseEntity(exception, INTERNAL_SERVER_ERROR, UNKNOWN_ERROR);
   }
 
+  @ExceptionHandler(UnauthorizedException.class)
+  public ResponseEntity<ErrorResponse> handleUnauthorizedException(UnauthorizedException exception) {
+    logException(DEBUG, exception);
+    return buildResponseEntity(exception, UNAUTHORIZED, UNAUTHORIZED_ERROR);
+  }
+
   private static ErrorResponse buildValidationError(Exception exception, List<Parameter> parameters) {
     return buildErrorResponse(exception, parameters, VALIDATION_ERROR);
   }

@@ -0,0 +1,14 @@
+package org.folio.login.exception;
+
+public class UnauthorizedException extends RuntimeException {
+
+  /**
+   * Creates {@link org.folio.login.exception.UnauthorizedException} with error message and error cause.
+   *
+   * @param message - error message as {@link String} object
+   * @param cause - error cause as {@link Throwable} object
+   */
+  public UnauthorizedException(String message, Throwable cause) {
+    super(message, cause);
+  }
+}
@@ -27,6 +27,7 @@
 import org.folio.login.domain.model.UserCredentials;
 import org.folio.login.exception.RequestValidationException;
 import org.folio.login.exception.ServiceException;
+import org.folio.login.exception.UnauthorizedException;
 import org.folio.login.integration.kafka.LogoutEventPublisher;
 import org.folio.login.integration.keycloak.KeycloakClient;
 import org.folio.login.util.TokenRequestHelper;
@@ -183,6 +184,8 @@ private KeycloakAuthentication getToken(String userAgent, String forwardedFor, M
     var tenantId = folioExecutionContext.getTenantId();
     try {
       return keycloakClient.callTokenEndpoint(tenantId, payload, userAgent, forwardedFor);
+    } catch (FeignException.Unauthorized e) {
+      throw new UnauthorizedException("Unauthorized error", e);
     } catch (FeignException cause) {
       throw new ServiceException("Failed to obtain a token", cause);
     }

@@ -12,6 +12,7 @@
     "found_error",
     "token.parse.failure",
     "token.refresh.unprocessable",
-    "token.logout.unprocessable"
+    "token.logout.unprocessable",
+    "unauthorized_error"
   ]
 }
@@ -126,7 +126,7 @@ private static void callLoginEndpointWithInvalidCreds() {
         .contentType(APPLICATION_JSON)
         .header(XOkapiHeaders.TENANT, TENANT)
         .content(asJsonString(invalidLoginCredentials())))
-      .andExpect(status().isBadRequest());
+      .andExpect(status().isUnauthorized());
   }
 
   @SneakyThrows

@@ -95,7 +95,7 @@ private static void callLoginEndpointWithInvalidCreds() throws Exception {
         .contentType(APPLICATION_JSON)
         .header(XOkapiHeaders.TENANT, TENANT)
         .content(asJsonString(invalidLoginCredentials())))
-      .andExpect(status().isBadRequest());
+      .andExpect(status().isUnauthorized());
   }
 
   @SneakyThrows

@@ -37,6 +37,7 @@
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.when;
 
+import feign.FeignException;
 import feign.RetryableException;
 import jakarta.persistence.EntityNotFoundException;
 import jakarta.ws.rs.core.Form;
@@ -48,6 +49,7 @@
 import org.folio.login.domain.model.UserCredentials;
 import org.folio.login.exception.RequestValidationException;
 import org.folio.login.exception.ServiceException;
+import org.folio.login.exception.UnauthorizedException;
 import org.folio.login.integration.kafka.LogoutEventPublisher;
 import org.folio.login.integration.keycloak.KeycloakClient;
 import org.folio.login.support.TestConstants;
@@ -136,6 +138,22 @@ void getUserToken_negative_KeycloakError() {
       .hasMessage("Failed to obtain a token");
   }
 
+  @Test
+  void getUserToken_negative_unauthorizedException() {
+    var requestData = loginRequest(USERNAME, PASSWORD, CLIENT_ID, CLIENT_SECRET);
+    var realmConfig = keycloakRealmConfiguration();
+
+    when(folioExecutionContext.getTenantId()).thenReturn(TENANT);
+    when(realmConfigurationProvider.getRealmConfiguration()).thenReturn(realmConfig);
+    when(keycloakClient.callTokenEndpoint(TENANT, requestData, null, null))
+      .thenThrow(FeignException.Unauthorized.class);
+
+    var credentials = loginCredentials();
+    assertThatThrownBy(() -> keycloakService.getUserToken(credentials, null, null))
+      .isInstanceOf(UnauthorizedException.class)
+      .hasMessage("Unauthorized error");
+  }
+
   @Test
   void updateCredentials_positive() {
     changePassword();