IndominusByte / fastapi-jwt-auth

FastAPI extension that provides JWT Auth support (secure, easy to use, and lightweight)
http://indominusbyte.github.io/fastapi-jwt-auth/
MIT License

401 on invalid token instead of 422? #20

Open SelfhostedPro opened 3 years ago

SelfhostedPro commented 3 years ago

Is there a way to return 401 when "Signature verification failed" instead of a 422 error? I get this when restarting my application if I was logged in previously (as I'm using a randomly generated secret key).

IndominusByte commented 3 years ago

Yeah, you're right, but it depends on perspective; it can be 401 or 422. For all JWT decode errors the status code raised is 422, for simplicity. In your opinion, should I change it to 401? Btw, this is the code for the JWT decode error exceptions:

[Screenshot: the JWT decode error exception code, 2020-11-11]

SelfhostedPro commented 3 years ago

In my opinion, I think it should be a 401, or there should be a way to set it as 401 for a specific endpoint. Could I do something like the following?

from fastapi import Depends, HTTPException
from fastapi_jwt_auth import AuthJWT
from fastapi_jwt_auth.exceptions import AuthJWTException

def login(Authorize: AuthJWT = Depends()):
  try:
    Authorize.jwt_required()
  except AuthJWTException as exc:
    # the library's base exception carries the error text in .message
    raise HTTPException(status_code=401, detail=exc.message)

IndominusByte commented 3 years ago

Yeah, you can. If you want to change the status code in a specific endpoint, it could be done like this:

from fastapi import Depends, FastAPI, HTTPException
from fastapi_jwt_auth import AuthJWT
from fastapi_jwt_auth.exceptions import JWTDecodeError

app = FastAPI()

@app.get('/user')
def user(Authorize: AuthJWT = Depends()):
    try:
        Authorize.jwt_required()
    except JWTDecodeError as err:
        # keep the library's 422 for every decode error except a bad signature
        status_code = err.status_code
        if err.message == "Signature verification failed":
            status_code = 401
        raise HTTPException(status_code=status_code, detail=err.message)

    current_user = Authorize.get_jwt_subject()
    return {"user": current_user}

agordhandas commented 3 years ago

Hi @IndominusByte : In https://github.com/IndominusByte/fastapi-jwt-auth/blob/a6c06193319da0e4976c7472966f3a2891e0d50c/fastapi_jwt_auth/auth_jwt.py#L638 would it be okay to modify the following:

        except Exception as err:
            raise JWTDecodeError(status_code=422,message=str(err))

to instead raise the base jwt error (e.g., SignatureExpiredError)?

IndominusByte commented 3 years ago

Hi @agordhandas, instead of creating a new exception, I'll change the status codes that don't fit the 422 status code, based on the PyJWT exceptions. I'll do it later in the next version, thanks for your suggestion 🙏

danladis commented 3 years ago

Hi @agordhandas, instead of creating a new exception, I'll change the status codes that don't fit the 422 status code, based on the PyJWT exceptions. I'll do it later in the next version, thanks for your suggestion 🙏

Any update on this?

Elyasomer commented 1 year ago

@IndominusByte Any update?

Btw I found a solution that works for me. I added an exception handler like this:

from fastapi import FastAPI, Request, responses
from fastapi_jwt_auth.exceptions import AuthJWTException

app = FastAPI()

# catches every fastapi-jwt-auth error (decode, missing, revoked, ...) and answers 401
@app.exception_handler(AuthJWTException)
def authjwt_exception_handler(request: Request, exc: AuthJWTException):
    return responses.JSONResponse(
        status_code=401,
        content={"detail": exc.message}
    )
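Building on Elyasomer's handler and on IndominusByte's plan to pick the status code per PyJWT exception, here is an added example (not code from the issue or from fastapi-jwt-auth) that keeps 401 for tokens that were rejected on verification and adds the `WWW-Authenticate` challenge RFC 6750 expects on a 401, while leaving structurally unparseable tokens on the library's 422. The PyJWT message prefixes and the `AuthJWTException` attributes (`status_code`, `message`) are assumptions; `install_handler` is a hypothetical helper that wires the decision into FastAPI.

```python
from dataclasses import dataclass, field

@dataclass
class JWTErrorResponse:
    status_code: int
    content: dict
    headers: dict = field(default_factory=dict)

# Assumed PyJWT messages for tokens that parsed but failed verification; the
# library forwards them unchanged via JWTDecodeError(message=str(err)).
# Verify this list against the PyJWT version you actually run.
REJECTED_TOKEN_MESSAGES = (
    "Signature verification failed",
    "Signature has expired",
    "The token is not yet valid",
    "Invalid audience",
    "Invalid issuer",
)

def classify_jwt_error(status_code: int, message: str) -> JWTErrorResponse:
    """Map an AuthJWTException (status_code, message) to an HTTP response.

    No credentials sent        -> 401 + bare 'Bearer' challenge
    Token parsed but rejected  -> 401 + Bearer error="invalid_token"
    Anything else (malformed)  -> the library's own status code (422)
    """
    content = {"detail": message}
    if message.startswith("Missing"):  # e.g. MissingTokenError: no Authorization header
        return JWTErrorResponse(401, content, {"WWW-Authenticate": "Bearer"})
    rejected = any(message.startswith(m) for m in REJECTED_TOKEN_MESSAGES)
    if status_code == 401 or rejected:  # revoked/CSRF errors already arrive as 401
        return JWTErrorResponse(401, content,
                                {"WWW-Authenticate": 'Bearer error="invalid_token"'})
    return JWTErrorResponse(status_code, content)

def install_handler(app):
    """Hypothetical glue: register the handler on a FastAPI app (needs fastapi + fastapi_jwt_auth)."""
    from fastapi import Request
    from fastapi.responses import JSONResponse
    from fastapi_jwt_auth.exceptions import AuthJWTException

    @app.exception_handler(AuthJWTException)
    def authjwt_exception_handler(request: Request, exc: AuthJWTException):
        r = classify_jwt_error(exc.status_code, exc.message)
        return JSONResponse(status_code=r.status_code, content=r.content, headers=r.headers)
    return authjwt_exception_handler
```

Only `install_handler` touches FastAPI, so the mapping itself can be unit-tested without an app.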