fix(arborist): no error for unknown user (#139)

Return empty data instead of an error when arborist does not recognize a user

peregrine/auth/__init__.py

@@ -93,7 +93,11 @@ def get_read_access_projects():
     try:
         mapping = flask.current_app.auth.auth_mapping(current_user.username)
     except ArboristError as e:
-        raise AuthNError("Unable to retrieve auth mapping: {}".format(e))
+        # Arborist errored, or this user is unknown to Arborist
+        logger.warn(
+            "Unable to retrieve auth mapping for user `{}`: {}".format(current_user.username, e)
+        )
+        mapping = {}
 
     with flask.current_app.db.session_scope():
         read_access_projects = [

tests/conftest.py

@@ -1,6 +1,7 @@
 import os
 import sys
 
+from gen3authz.client.arborist.errors import ArboristError
 from indexclient.client import IndexClient
 from multiprocessing import Process
 from psqlgraph import PsqlGraphDriver
@@ -217,19 +218,27 @@ def mock_arborist_requests(request):
     """
     This fixture returns a function which you call to mock the call to
     arborist client's methods.
-    Parameter "auth_mapping" lets us specify the response for a call to
-    auth_mapping().
+
     auth_mapping() is mocked because it is called by peregrine.
     auth_request() and create_resource() are mocked because they are called
     by sheepdog, which is a dependency of the tests.
+
+    Args:
+        auth_mapping (dict): response of the call to auth_mapping()
+        known_user (boolean): True if the user is known to Arborist
+
+    Returns:
+        Mocked response
     """
 
-    def do_patch(auth_mapping={}):
+    def do_patch(auth_mapping={}, known_user=True):
         def make_mock_response(function_name):
             def response(*args, **kwargs):
                 mocked_response = MagicMock(requests.Response)
 
                 if function_name == "auth_mapping":
+                    if not known_user:
+                        raise ArboristError("User does not exist in Arborist")
                     mocked_response.items = auth_mapping.items
 
                 if function_name == "create_resource":
@@ -261,8 +270,8 @@ def response(*args, **kwargs):
 def arborist_authorized(mock_arborist_requests):
     """
     By default, mocked auth_mapping() calls return read access to CGCI-BLGSP.
-    To mock a different response, use fixture
-    "mock_arborist_requests(auth_mapping={...})" in the test itself
+    To mock a different response, use the fixture in the test itself:
+    "mock_arborist_requests(auth_mapping={...}, known_user=True/False)"
     """
     mock_arborist_requests(auth_mapping={
         "/programs/CGCI/projects/BLGSP": [

tests/graphql/test_graphql.py

@@ -1447,3 +1447,18 @@ def test_boolean_filter(client, submitter, pg_driver_clean, cgci_blgsp):
     print("Filtering by boolean=[true,false] should return the experiment:")
     print(r.data)
     assert len(r.json["data"]["experiment"]) == 1
+
+
+def test_arborist_unknown_user(client, pg_driver_clean, submitter, cgci_blgsp, mock_arborist_requests):
+    """
+    Tests that if a logged in user does not exist in the DB, peregrine does
+    not throw an error but gracefully returns no data
+    """
+    post_example_entities_together(client, pg_driver_clean, submitter)
+    mock_arborist_requests(known_user=False)
+    r = client.post(
+        path,
+        headers=submitter,
+        data=json.dumps({"query": "{ project { code } }"})
+    )
+    assert r.json == { "data": { "project": [] } }