Closed ashokdelphia closed 4 years ago
Merging #72 into master will increase coverage by 0.01%. The diff coverage is 100.00%.
@@ Coverage Diff @@
## master #72 +/- ##
==========================================
+ Coverage 98.12% 98.14% +0.01%
==========================================
Files 19 19
Lines 481 484 +3
Branches 45 46 +1
==========================================
+ Hits 472 475 +3
Misses 7 7
Partials 2 2
Flag | Coverage Δ | |
---|---|---|
#codecov | 98.14% <100.00%> (+0.01%) | :arrow_up: |
#dj111 | 97.67% <100.00%> (+0.01%) | :arrow_up: |
#dj20 | 97.25% <100.00%> (+0.01%) | :arrow_up: |
#dj21 | 97.25% <100.00%> (+0.01%) | :arrow_up: |
#dj22 | 97.25% <100.00%> (+0.01%) | :arrow_up: |
#dj30 | 97.72% <100.00%> (+0.01%) | :arrow_up: |
#drf310 | 97.25% <100.00%> (+0.01%) | :arrow_up: |
#drf311 | 97.72% <100.00%> (+0.01%) | :arrow_up: |
#drf37 | 97.25% <100.00%> (-0.41%) | :arrow_down: |
#drf38 | 97.67% <100.00%> (+0.01%) | :arrow_up: |
#drf39 | 97.67% <100.00%> (+0.01%) | :arrow_up: |
#py27 | 97.25% <100.00%> (+0.01%) | :arrow_up: |
#py35 | 97.25% <100.00%> (+0.01%) | :arrow_up: |
#py36 | 97.25% <100.00%> (+0.01%) | :arrow_up: |
#py37 | 97.25% <100.00%> (+0.01%) | :arrow_up: |
#py38 | 97.10% <100.00%> (+0.01%) | :arrow_up: |
Flags with carried forward coverage won't be shown.
Impacted Files | Coverage Δ | |
---|---|---|
src/rest_framework_jwt/authentication.py | 97.11% <100.00%> (+0.08%) | :arrow_up: |
Legend: Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 12c08db...a33765d.
I'd really appreciate it if we could review / merge / release this.
In one project, I'm getting a number of 500 errors every day, because people with expired tokens that use an old algorithm are trying them. I don't think there's a good way to handle that outside of the library, but this change would mean they get a straightforward 401 instead.
Add some more tests for error cases with 'bad' tokens. (c2c2c8b)
Handle more token errors. (a33765d)
There are a number of subclasses of InvalidTokenError that bubble up as unhandled errors in the old code.
I've kept the explicit handling of DecodeError and Expired Signature, which are also children of InvalidTokenError, in order to preserve their distinctive responses.
(There's a similar ladder in rest_framework_jwt.utils::check_payload, but I didn't dig very far into whether that should also be handling all InvalidTokenErrors.)
I ran into this after migrating algorithms, and after dropping support for the old algorithm I get a 500 error from the unhandled `InvalidAlgorithmError` when using an 'old' token. Digging in, I saw there were a handful of other cases that would also bubble up as unhandled errors.
I didn't try and handle `PyJWTError` or `InvalidKeyError` (which are higher up the tree of exceptions than `InvalidTokenError`) as those seem more like things that are misconfigured, whereas I think everything under `InvalidTokenError` could reasonably be some oddball on the internet sending a funny-looking token.