GSA / notifications-admin

The UI of Notify.gov
https://notify.gov

Exception Investigation: app.notify_client:InviteTokenError #1396

Open ccostino opened 3 months ago

ccostino commented 3 months ago

This is one of the errors we've seen captured in New Relic that we'd like to dig into and understand, if not also resolve.

It looks like we still have references to GOV.UK Notify in our code base. 🙁

Error message: Your invitation to GOV.UK Notify has expired. Please ask the person that invited you to send you another one
Path: /invitation/
Exception: app.notify_client:InviteTokenError

Traceback (most recent call last):
File "/home/vcap/deps/0/python/lib/python3.9/site-packages/eventlet/greenthread.py", line 221, in main
File "/home/vcap/deps/0/python/lib/python3.9/site-packages/gunicorn/workers/geventlet.py", line 157, in handle
File "/home/vcap/deps/0/python/lib/python3.9/site-packages/gunicorn/workers/base_async.py", line 55, in handle
File "/home/vcap/deps/0/python/lib/python3.9/site-packages/gunicorn/workers/base_async.py", line 108, in handle_request
File "/home/vcap/deps/0/python/lib/python3.9/site-packages/newrelic/api/wsgi_application.py", line 669, in _nr_wsgi_application_wrapper_
File "/home/vcap/deps/0/python/lib/python3.9/site-packages/flask/app.py", line 2213, in __call__
File "/home/vcap/deps/0/python/lib/python3.9/site-packages/notifications_utils/request_helper.py", line 80, in __call__
File "/home/vcap/app/app/proxy_fix.py", line 11, in __call__
File "/home/vcap/deps/0/python/lib/python3.9/site-packages/werkzeug/middleware/proxy_fix.py", line 182, in __call__
File "/home/vcap/deps/0/python/lib/python3.9/site-packages/newrelic/api/wsgi_application.py", line 564, in _nr_wsgi_application_wrapper_
File "/home/vcap/deps/0/python/lib/python3.9/site-packages/flask/app.py", line 2190, in wsgi_app
File "/home/vcap/deps/0/python/lib/python3.9/site-packages/flask/app.py", line 1484, in full_dispatch_request
File "/home/vcap/deps/0/python/lib/python3.9/site-packages/flask/app.py", line 1469, in dispatch_request
File "/home/vcap/deps/0/python/lib/python3.9/site-packages/newrelic/hooks/framework_flask.py", line 82, in _nr_wrapper_handler_
File "/home/vcap/app/app/main/views/invites.py", line 13, in accept_invite
File "/home/vcap/app/app/models/user.py", line 531, in from_token

Implementation Sketch and Acceptance Criteria

Security Considerations

terrazoon commented 2 months ago

I'm still looking into this one, but my impression right now is these are totally legit errors where the user is using an expired invitation.

The text needs changing of course. Also, it doesn't seem like we can artificially age the invitation by going into the invited_users table and changing the creation time. It seems like the creation time is also hardcoded into a token. So I was able to use an invitation that I had tried to artificially age, and I could join the service. I'm going to send myself a bunch of invitations and test them tomorrow when they age out for real.
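
An added illustration of the behaviour described in the comment above (not code from notifications-admin or notifications-api, and not part of anyone's comment): a standard-library signed token that carries its own issue time, so expiry is decided from the signed timestamp and not from a database row. The key, the two-day lifetime, the token layout and every function name here are assumptions made for this sketch; passing `now` explicitly is what lets expiry be tested without waiting.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-key"   # constructed value, not a real key
MAX_AGE = 2 * 24 * 3600            # assumed invite lifetime in seconds

class InviteTokenError(Exception):
    """Local stand-in for this sketch, not the project's class."""

def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(body: str) -> str:
    return b64e(hmac.new(SECRET, body.encode(), hashlib.sha256).digest())

def make_token(invite_id, issued_at=None):
    # The issue time is part of the signed body, so it travels with the token.
    iat = int(time.time()) if issued_at is None else int(issued_at)
    body = b64e(json.dumps({"id": invite_id, "iat": iat}).encode())
    return f"{body}.{sign(body)}"

def check_token(token, now=None, max_age=MAX_AGE):
    try:
        body, sig = token.split(".")
    except ValueError:
        raise InviteTokenError("malformed token")
    # Verify the signature before trusting anything inside the body.
    if not hmac.compare_digest(sig.encode(), sign(body).encode()):
        raise InviteTokenError("bad signature")
    claims = json.loads(b64d(body))
    now = time.time() if now is None else now
    if now - claims["iat"] > max_age:
        raise InviteTokenError("invitation expired")
    return claims["id"]

def aged_row_still_accepted(t0=1_700_000_000):
    # Constructed scenario: the stored row is back-dated by hand, but the
    # check only reads the timestamp inside the token, so it still passes.
    token = make_token("invite-1", issued_at=t0)
    row = {"id": "invite-1", "created_at": t0 - 30 * 86400}
    return check_token(token, now=t0 + 60) == row["id"]
```

To exercise the expired path in a test, mint the token with an old `issued_at` or call `check_token` with a later `now`; editing the stored row has no effect on either.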

ecayer commented 1 month ago

@terrazoon We see your API PR to fix the text (https://github.com/GSA/notifications-api/pull/992). Is there anything that needs to be done about being able to accept expired invites? Thanks!

ccostino commented 1 month ago

Noting here that https://github.com/GSA/notifications-api/pull/992 has been merged!