Return 403 instead of 500 when policy check fails

This patch fixes an issue where a 500 response is sent instead of a 403 when a request is made using the wrong scope. e.g. Using project scope instead of system scope. Story: 2009170 Task: 43200 Change-Id: Id399d2220118efe1033426c658d1834cbff02f94
2021-09-01 15:57:54 -05:00 · 2021-09-01 15:57:54 -05:00 · 200bff896c
commit 200bff896c
parent aa7bf8863f
1 changed files with 1 additions and 1 deletions
--- a/barbican/api/init.py
+++ b/barbican/api/init.py
@ -96,7 +96,7 @@ def generate_safe_exception_message(operation_name, excep):

    try:
        raise excep
-    except policy.PolicyNotAuthorized:
+    except (policy.PolicyNotAuthorized, policy.InvalidScope):
        message = u._(
            '{operation} attempt not allowed - '
            'please review your '