Catch OIDC error

I'm not sure if this can be tested easily, or needs to be.
2026-02-07 22:46:06 +00:00 · 2025-01-15 17:00:34 +11:00
parent a1df61c612
commit 4ce2730bf0
3 changed files with 70 additions and 1 deletions
--- a/app/controllers/admin/dfc_product_imports_controller.rb
+++ b/app/controllers/admin/dfc_product_imports_controller.rb
@@ -37,7 +37,8 @@ module Admin
      @count = imported.compact.count
    rescue Faraday::Error,
           Addressable::URI::InvalidURIError,
-           ActionController::ParameterMissing => e
+           ActionController::ParameterMissing,
+           Rack::OAuth2::Client::Error => e
      flash[:error] = e.message
      redirect_to admin_product_import_path
    end
--- a/spec/fixtures/vcr_cassettes/DFC_Product_Import/shows_oauth_error_message.yml
+++ b/spec/fixtures/vcr_cassettes/DFC_Product_Import/shows_oauth_error_message.yml
@@ -0,0 +1,47 @@
+---
+http_interactions:
+- request:
+    method: get
+    uri: https://env-0105831.jcloud-ver-jpe.ik-server.com/api/dfc/Enterprises/test-hodmedod/SuppliedProducts
+    body:
+      encoding: US-ASCII
+      string: ''
+    headers:
+      Content-Type:
+      - application/json
+      Authorization:
+      - "<HIDDEN-AUTHORIZATION-HEADER>"
+      User-Agent:
+      - Faraday v2.9.0
+      Accept-Encoding:
+      - gzip;q=1.0,deflate;q=0.6,identity;q=0.3
+      Accept:
+      - "*/*"
+  response:
+    status:
+      code: 403
+      message: Forbidden
+    headers:
+      Server:
+      - openresty
+      Date:
+      - Tue, 21 Jan 2025 00:56:03 GMT
+      Content-Type:
+      - application/json; charset=utf-8
+      Content-Length:
+      - '78'
+      Connection:
+      - keep-alive
+      X-Powered-By:
+      - Express
+      Access-Control-Allow-Origin:
+      - "*"
+      Etag:
+      - W/"4e-vJeBLxgahmv23yP9gdPJW/woako"
+      Strict-Transport-Security:
+      - max-age=15811200
+    body:
+      encoding: UTF-8
+      string: '{"message":"User access denied - token missing","error":"User not authorized"}'
+  recorded_at: Tue, 21 Jan 2025 00:56:04 GMT
+recorded_with: VCR 6.2.0
--- a/spec/system/admin/dfc_product_import_spec.rb
+++ b/spec/system/admin/dfc_product_import_spec.rb
@@ -74,6 +74,27 @@ RSpec.describe "DFC Product Import" do
    expect(product.image).to be_present
  end

+  it "shows oauth error message", vcr: true do
+    allow_any_instance_of(DfcRequest).to receive(:refresh_access_token!).and_raise(
+      Rack::OAuth2::Client::Error.new(
+        1, { error: "invalid_grant", error_description: "session not active" }
+      )
+    )
+
+    user.update!(oidc_account: build(:testdfc_account))
+
+    visit admin_product_import_path
+
+    select enterprise.name, from: "Enterprise"
+    url = "https://env-0105831.jcloud-ver-jpe.ik-server.com/api/dfc/Enterprises/test-hodmedod/SuppliedProducts"
+    fill_in "catalog_url", with: url
+
+    click_button "Import"
+
+    expect(page).to have_content "invalid_grant"
+    expect(page).to have_content "session not active"
+  end
+
  it "fails gracefully" do
    user.oidc_account.update!(
      uid: "anonymous@example.net",