Improve server response message to unauthorized queries (401s)
As exampled in this ticket, some queries to DQSegDB that require authentication but do not have it receive a response that includes a message like requests.exceptions.HTTPError: 401 Client Error: Unauthorized for url: https://segments.ligo.org/dq/H1/DMT-ANALYSIS_READY/1?s=1392937231&e=1393023631&include=active%2Cknown
. It might be worthwhile to improve the response above by giving some information on what the user needs to do or where they can find more information.
Similarly, a request over HTTP without authorization produces this error message, which could be improved to be more informative:
$ curl https://segments-backup.ligo.org/dq
<h1>401 Unauthorized</h1>
<p>GET /dq - Authorisation failure (Unauthorised) </p>
And querying using the client tools, also without authentication, produces a much-more-helpful message, but it is out-of-date, since it doesn't reference SciTokens (and the RFC-3820
part is incorrect - the dqsegdb server code works with a proxy cert or an end-entity cert):
$ ligolw_segment_query_dqsegdb --ping --segment-url https://segments.ligo.org
Traceback (most recent call last):
File "/usr/bin/ligolw_segment_query_dqsegdb", line 705, in <module>
json_out=urifunctions.getDataUrllib2(url_result)
File "/usr/lib/python3.6/site-packages/dqsegdb/urifunctions.py", line 69, in getDataUrllib2
context.load_cert_chain(*find_credential())
File "/usr/lib/python3.6/site-packages/gwdatafind/utils.py", line 124, in find_credential
creds = igwn_x509.find_credentials(timeleft=0)
File "/usr/lib/python3.6/site-packages/igwn_auth_utils/x509.py", line 210, in find_credentials
"could not find an RFC-3820 compliant X.509 credential, "
igwn_auth_utils.error.IgwnAuthError: could not find an RFC-3820 compliant X.509 credential, please generate one and try again.