fix: return correct http code

epam · Sep 20, 2024 · f3c2728 · f3c2728
1 parent be047d4
commit f3c2728
Show file tree

Hide file tree

Showing 3 changed files with 3 additions and 12 deletions.
diff --git a/src/main/java/com/epam/aidial/core/Proxy.java b/src/main/java/com/epam/aidial/core/Proxy.java
@@ -219,7 +219,8 @@ private Future<AuthorizationResult> authorizeRequest(HttpServerRequest request)
 
         if (apiKey == null) {
             return tokenValidator.extractClaims(authorization)
-                    .map(extractedClaims -> new AuthorizationResult(new ApiKeyData(), extractedClaims));
+                    .compose(extractedClaims -> Future.succeededFuture(new AuthorizationResult(new ApiKeyData(), extractedClaims)),
+                            error -> Future.failedFuture(new HttpException(HttpStatus.UNAUTHORIZED, "Bad Authorization header")));
         }
 
         if (apiKey.equals(extractTokenFromHeader(authorization))) {

diff --git a/src/main/java/com/epam/aidial/core/security/AccessTokenValidator.java b/src/main/java/com/epam/aidial/core/security/AccessTokenValidator.java
@@ -3,8 +3,6 @@
 import com.auth0.jwk.UrlJwkProvider;
 import com.auth0.jwt.exceptions.JWTDecodeException;
 import com.auth0.jwt.interfaces.DecodedJWT;
-import com.epam.aidial.core.util.HttpException;
-import com.epam.aidial.core.util.HttpStatus;
 import com.google.common.annotations.VisibleForTesting;
 import io.vertx.core.Future;
 import io.vertx.core.Promise;
@@ -136,9 +134,6 @@ private Future<UserInfoResult> createUserInfoResultFuture(String accessToken) {
                 futures.add(idp.extractClaimsFromUserInfo(accessToken));
             }
         }
-        if (futures.isEmpty()) {
-            return Future.failedFuture("IdP is not found in Core settings to support user info endpoint for extracting user claims from access token.");
-        }
         Future.any(futures).map(compositeFuture -> {
             int size = compositeFuture.size();
             for (int i = 0; i < size; i++) {
@@ -148,7 +143,7 @@ private Future<UserInfoResult> createUserInfoResultFuture(String accessToken) {
                     return null;
                 }
             }
-            promise.fail(new HttpException(HttpStatus.UNAUTHORIZED, "Bad Authorization header"));
+            promise.fail("IdP is not found in Core settings to support user info endpoint for extracting user claims from access token.");
             return null;
         }).onFailure(promise::fail);
         return promise.future();

diff --git a/src/main/java/com/epam/aidial/core/security/IdentityProvider.java b/src/main/java/com/epam/aidial/core/security/IdentityProvider.java
@@ -5,11 +5,8 @@
 import com.auth0.jwk.JwkProvider;
 import com.auth0.jwt.JWT;
 import com.auth0.jwt.algorithms.Algorithm;
-import com.auth0.jwt.exceptions.JWTVerificationException;
 import com.auth0.jwt.interfaces.Claim;
 import com.auth0.jwt.interfaces.DecodedJWT;
-import com.epam.aidial.core.util.HttpException;
-import com.epam.aidial.core.util.HttpStatus;
 import io.vertx.core.Future;
 import io.vertx.core.Promise;
 import io.vertx.core.Vertx;
@@ -201,8 +198,6 @@ private DecodedJWT verifyJwt(DecodedJWT jwt, JwkResult jwkResult) {
             return JWT.require(Algorithm.RSA256((RSAPublicKey) jwk.getPublicKey(), null)).build().verify(jwt);
         } catch (JwkException e) {
             throw new RuntimeException(e);
-        } catch (JWTVerificationException e) {
-            throw new HttpException(HttpStatus.UNAUTHORIZED, "Bad Authorization header");
         }
     }