Replace some assertions (those which shouldn't be assertions) with proper exceptions

9152c524 · Art · 2ecf0c83 · 9152c524 · 9152c524 · 9152c524
Commit 9152c524 authored 6 years ago by Art
--- a/ssoauth/__init__.py
+++ b/ssoauth/__init__.py
 import logging
 from . import checks  # As for Django 1.11 it still doesn't auto-import checks >.<
-assert checks
+assert checks  # must be imported
 logger = logging.getLogger("ssoauth")

--- a/ssoauth/auth_utils.py
+++ b/ssoauth/auth_utils.py
@@ -11,8 +11,10 @@ import importlib
 def _validate_username(username):
-    assert isinstance(username, str)
+    if not isinstance(username, str):
-    assert username == username.lower()  # because .islower() returns False when no letters present
+        raise TypeError
+    if not username == username.lower():  # weird check because .islower() returns False when no letters present
+        raise ValueError("Username must be lowere case")
 def get_user(uuid=None, username=None):
@@ -70,10 +72,10 @@ def get_or_create_user(uuid, username):
        logger.info("Created user: {username} {uuid}".format(**locals()))
        return user
-    # checks and casts
+    # prepare
    if isinstance(uuid, str):
        uuid = UUID(uuid)
-    assert isinstance(uuid, UUID) and isinstance(username, str), "Bad arguments"
+    assert isinstance(uuid, UUID) and isinstance(username, str)
    username = username.lower()
    # get or create
    user = get_user_by_uuid(uuid, username)  # best case scenario
@@ -109,12 +111,11 @@ def set_user_groups(user, saml2_groups):
        raise ImportError("Could not import {r}. {e.__class__.__name__}: {e}".format(r=app_settings.GROUP_RESOLVER, e=e))
    # resolve the groups
    groups = resolver_method(user, saml2_groups)
-    assert isinstance(groups, (list, tuple, set,)) and all(isinstance(g, Group) for g in groups), \
+    assert isinstance(groups, (list, tuple, set,)) and all(isinstance(g, Group) for g in groups)
-        "{r} instead of a list/tuple/set of Group objects returned: {garbage}".format(r=app_settings.GROUP_RESOLVER, garbage=groups)
    # update user groups
    if set(user.groups.all()) != set(groups):
        user.groups.set(groups)
-        assert set(user.groups.all()) == set(groups)  # dunno how relation.set() behaves, better safe than sorry
+        assert set(user.groups.all()) == set(groups)
        logger.info("Groups for {user} were updated.".format(user=user))
    # done
    logger.info("User {user} is member of: {groups}".format(user=user, groups=set(str(g) for g in groups)))

--- a/ssoauth/sso_utils.py
+++ b/ssoauth/sso_utils.py
@@ -58,8 +58,11 @@ def get_idp_runtime_info(meta_url):
    logger.debug("From the IDP metadata received {s} signing certs, {e} encryption certs, {sso} SSO bindings, {slo} SLO bindings.".format(
        s=len(signing), e=len(encryption), sso=len(bindings_sso_redirect), slo=len(bindings_slo_redirect),
    ))
-    assert signing and encryption, "Could not find certificates in IDP meta."
+    if not (signing and encryption):
-    assert bindings_sso_redirect is not None, "Could not find SSO HTTP-Redirect binding."
+        raise RuntimeError("Could not find certificates in IDP meta.")
+    if bindings_sso_redirect is None:
+        raise RuntimeError("Could not find SSO HTTP-Redirect binding.")
    # pack the received data
    return {
        "certificates": {
@@ -78,14 +81,16 @@ def create_onelogin_settings(template=app_settings.ONELOGIN_SETTINGS_TEMPLATE):
    # get the template
    settings = copy(template)
    # prepare some values
-    assert app_settings.SP_HOST, "SP_HOST is not set."  # before OneLogin toolkit chokes with "sp_acs_url_invalid,sp_sls_url_invalid"
+    if not app_settings.SP_HOST:
+        raise ValueError("SP_HOST is not set")  # before OneLogin toolkit chokes with "sp_acs_url_invalid,sp_sls_url_invalid"
    host_full = "{protocol}://{host}{port_suffix}".format(
        host=app_settings.SP_HOST,
        protocol="https" if app_settings.SP_SSL else "http",
        port_suffix="" if app_settings.SP_PORT in [80, 443] else ":{0}".format(app_settings.SP_PORT)
    )
    # IDP settings
-    assert app_settings.IDP_META_URL, "IDP_META_URL is not set"  # before get_idp_runtime_info starts logging errors
+    if not app_settings.IDP_META_URL:
+        raise ValueError("IDP_META_URL is not set")  # before get_idp_runtime_info starts logging errors
    idp_info = get_idp_runtime_info(app_settings.IDP_META_URL)
    settings["idp"]["x509certMulti"]["signing"] = idp_info["certificates"]["signing"]
    settings["idp"]["x509certMulti"]["encryption"] = idp_info["certificates"]["encryption"]