diff --git a/zerver/tests/test_auth_backends.py b/zerver/tests/test_auth_backends.py
index 72d157b579..f07e79a06c 100644
--- a/zerver/tests/test_auth_backends.py
+++ b/zerver/tests/test_auth_backends.py
@@ -19,6 +19,7 @@ import mock
 import re
 import datetime
 import time
+import requests
 from zerver.lib.actions import (
 do_create_user,
@@ -1354,6 +1355,12 @@ class SocialAuthBase(DesktopFlowTestingLib, ZulipTestCase):
 self.assertEqual(result.status_code, 302)
 self.assertIn('login', result.url)
+ with mock.patch('social_core.backends.oauth.BaseOAuth2.auth_complete',
+ side_effect=requests.exceptions.HTTPError):
+ result = self.client_get(reverse('social:complete', args=[self.backend.name]))
+ self.assertEqual(result.status_code, 302)
+ self.assertIn('login', result.url)
+
 def test_social_auth_complete_when_base_exc_is_raised(self) -> None:
 with mock.patch('social_core.backends.oauth.BaseOAuth2.auth_complete',
 side_effect=AuthStateForbidden('State forbidden')), \
diff --git a/zproject/backends.py b/zproject/backends.py
index b2fc1a2e5b..9e20ac44ef 100644
--- a/zproject/backends.py
+++ b/zproject/backends.py
@@ -1338,10 +1338,11 @@ class SocialAuthMixin(ZulipAuthMixin, ExternalAuthMethod):
 try:
 # Call the auth_complete method of social_core.backends.oauth.BaseOAuth2
 return super().auth_complete(*args, **kwargs) # type: ignore[misc] # monkey-patching
- except AuthFailed as e:
+ except (AuthFailed, HTTPError) as e:
 # When a user's social authentication fails (e.g. because
 # they did something funny with reloading in the middle of
- # the flow), don't throw a 500, just send them back to the
+ # the flow or the IdP is unreliable and returns a bad http response),
+ # don't throw a 500, just send them back to the
 # login page and record the event at the info log level.
 logging.info(str(e))
 return None
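Review bot: In `zerver/tests/test_auth_backends.py`, the added `HTTPError` block asserts only the redirect to the login page and not that the failure was logged, so a later change that swallows the exception silently would still pass. `side_effect=requests.exceptions.HTTPError` also raises an instance with no message and no response, so the `str(e)` that reaches the log is empty in this test. Passing an instance with a constructed message, such as `side_effect=requests.exceptions.HTTPError('502 Server Error')`, and wrapping the request in `with self.assertLogs(level='INFO') as logs:` would pin both. The enclosing test method starts outside the hunk, so logging may already be patched there.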
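Review bot: In `zproject/backends.py`, the widened `except (AuthFailed, HTTPError) as e:` routes IdP-side HTTP failures through the same `logging.info(str(e))` line as user-caused ones, so a rejected client secret or an IdP outage is recorded only at info level and looks like a user reloading mid-flow. If `HTTPError` is the `requests` exception (its import is outside the hunk), `str(e)` from `raise_for_status()` includes the request URL, so it is worth confirming that no backend puts a token or authorization code in the query string before that text reaches the log. I would split the handler so the `HTTPError` branch logs at warning level with the backend name and status code rather than the full message. Connection errors and timeouts are not `HTTPError`, so an unreachable IdP presumably still produces a 500 despite the updated comment. The body of `auth_complete` starts outside this hunk.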