🐛 Catch AuthTokenError in middleware (#13608)

Author: manuel-sommer

dojo/middleware.py

@@ -16,7 +16,7 @@
 from django.shortcuts import redirect
 from django.urls import reverse
 from django.utils.functional import SimpleLazyObject
-from social_core.exceptions import AuthCanceled, AuthFailed, AuthForbidden
+from social_core.exceptions import AuthCanceled, AuthFailed, AuthForbidden, AuthTokenError
 from social_django.middleware import SocialAuthExceptionMiddleware
 from watson.middleware import SearchContextMiddleware
 from watson.search import search_context_manager
@@ -94,6 +94,9 @@ def process_exception(self, request, exception):
         if isinstance(exception, AuthForbidden):
             messages.error(request, "You are not authorized to log in via this method. Please contact support or use the standard login.")
             return redirect("/login?force_login_form")
+        if isinstance(exception, AuthTokenError):
+            messages.error(request, "Social login failed due to an invalid or expired token. Please try again or use the standard login.")
+            return redirect("/login?force_login_form")
         if isinstance(exception, TypeError) and "'NoneType' object is not iterable" in str(exception):
             logger.warning("OIDC login error: NoneType is not iterable")
             messages.error(request, "An unexpected error occurred during social login. Please use the standard login.")

unittests/test_social_auth_failure_handling.py

@@ -7,7 +7,7 @@
 from django.http import HttpResponse
 from django.test import RequestFactory, override_settings
 from requests.exceptions import ConnectionError as RequestsConnectionError
-from social_core.exceptions import AuthCanceled, AuthFailed, AuthForbidden
+from social_core.exceptions import AuthCanceled, AuthFailed, AuthForbidden, AuthTokenError
 
 from dojo.middleware import CustomSocialAuthExceptionMiddleware
 
@@ -52,6 +52,7 @@ def test_social_auth_exception_redirects_to_login(self):
             (AuthCanceled("User canceled login"), "Social login was canceled. Please try again or use the standard login."),
             (AuthFailed("Token exchange failed"), "Social login failed. Please try again or use the standard login."),
             (AuthForbidden("User not allowed"), "You are not authorized to log in via this method. Please contact support or use the standard login."),
+            (AuthTokenError("Invalid or expired token"), "Social login failed due to an invalid or expired token. Please try again or use the standard login."),
         ]
         for path in login_paths:
             for exception, expected_message in exceptions: