From 1c801c371fe78e52037c0b0e46de1f659d3fad1b Mon Sep 17 00:00:00 2001
From: Ray Luo
Date: Tue, 8 Feb 2022 03:04:14 -0800
Subject: [PATCH] Actionable exception from ADFS ROPC

---
 msal/application.py | 18 ++++++++++++------
 msal/wstrust_request.py | 4 ++--
 2 files changed, 14 insertions(+), 8 deletions(-)

diff --git a/msal/application.py b/msal/application.py
index c8d84649..60e5e2e5 100644
--- a/msal/application.py
+++ b/msal/application.py
@@ -1417,12 +1417,18 @@ def acquire_token_by_username_password(
 user_realm_result = self.authority.user_realm_discovery(
 username, correlation_id=headers[msal.telemetry.CLIENT_REQUEST_ID])
 if user_realm_result.get("account_type") == "Federated":
- response = _clean_up(self._acquire_token_by_username_password_federated(
- user_realm_result, username, password, scopes=scopes,
- data=data,
- headers=headers, **kwargs))
- telemetry_context.update_telemetry(response)
- return response
+ try:
+ response = _clean_up(self._acquire_token_by_username_password_federated(
+ user_realm_result, username, password, scopes=scopes,
+ data=data,
+ headers=headers, **kwargs))
+ except (ValueError, RuntimeError):
+ raise RuntimeError(
+ "ADFS is not configured properly. "
+ "Consider use acquire_token_interactive() instead.")
+ else:
+ telemetry_context.update_telemetry(response)
+ return response
 response = _clean_up(self.client.obtain_token_by_username_password(
 username, password, scope=scopes,
 headers=headers,
diff --git a/msal/wstrust_request.py b/msal/wstrust_request.py
index bdfb57ef..570bfc0e 100644
--- a/msal/wstrust_request.py
+++ b/msal/wstrust_request.py
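Review bot: In the msal/application.py hunk, the new `except (ValueError, RuntimeError):` around the federated call discards the caught exception and raises a fixed "ADFS is not configured properly" message, so every ValueError or RuntimeError on that path gets the same diagnosis whether or not misconfiguration was the cause. Which failures that covers is not visible here, but it does include the `ValueError("Unsupported soap action: ...")` added in msal/wstrust_request.py, and on an interpreter without implicit exception chaining the original text is lost entirely. Bind the exception and carry its message, e.g. `except (ValueError, RuntimeError) as e:` with `"ADFS ROPC failed: %s. Consider using acquire_token_interactive() instead." % e`, after confirming the underlying messages never echo credential material. The body of acquire_token_by_username_password starts and ends outside the hunk.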
@@ -44,8 +44,8 @@ def send_request(
 soap_action = Mex.ACTION_2005
 elif '/trust/13/usernamemixed' in endpoint_address:
 soap_action = Mex.ACTION_13
- assert soap_action in (Mex.ACTION_13, Mex.ACTION_2005), ( # A loose check here
- "Unsupported soap action: %s" % soap_action)
+ if soap_action not in (Mex.ACTION_13, Mex.ACTION_2005):
+ raise ValueError("Unsupported soap action: %s" % soap_action)
 data = _build_rst(
 username, password, cloud_audience_urn, endpoint_address, soap_action)
 resp = http_client.post(endpoint_address, data=data, headers={
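Review bot: The new guard in send_request validates only `soap_action`; nothing visible in the hunk checks `endpoint_address` itself before `_build_rst(username, password, ...)` output is posted to it. The address is matched by substring only (`'/trust/13/usernamemixed' in endpoint_address`), so if its scheme is not validated elsewhere (the function starts and ends outside the hunk, so this cannot be confirmed here), a non-TLS endpoint would receive the password-bearing request. Consider extending the same pre-send check, e.g. `if not endpoint_address.lower().startswith("https://"): raise ValueError("WS-Trust endpoint must use https")`. The docstring should also gain a `:raises ValueError:` entry now that the check is no longer an assert.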