def _handle_errors(msg):
"""Raise an exception if msg has errors.
Args:
msg: parsed json from http response.
Returns: input response.
Raises: ReauthAPIError
"""
if 'error' in msg:
raise errors.ReauthAPIError(msg['error']['message'])
return msg
def _obtain_rapt(http_request, access_token, requested_scopes, rounds_num=5):
"""Given an http request method and reauth access token, get rapt token.
Args:
http_request: callable to run http requests. Accepts uri, method, body
and headers. Returns a tuple: (response, content)
access_token: reauth access token
requested_scopes: scopes required by the client application
rounds_num: max number of attempts to get a rapt after the next
challenge, before failing the reauth. This defines total number of
challenges + number of additional retries if the chalenge input
wasn't accepted.
Returns: rapt token.
Raises:
errors.ReauthError if reauth failed
"""
msg = None
for _ in range(0, rounds_num):
if not msg:
msg = _reauth_client.get_challenges(
http_request, list(challenges.AVAILABLE_CHALLENGES.keys()),
access_token, requested_scopes)
if msg['status'] == _AUTHENTICATED:
return msg['encodedProofOfReauthToken']
if not (msg['status'] == _CHALLENGE_REQUIRED
or msg['status'] == _CHALLENGE_PENDING):
raise errors.ReauthAPIError('Challenge status {0}'.format(
msg['status']))
if not _helpers.is_interactive():
raise errors.ReauthUnattendedError()
msg = _run_next_challenge(msg, http_request, access_token)
# If we got here it means we didn't get authenticated.
raise errors.ReauthFailError()