codefordenver / partner-finder

Using an open dataset of registered Colorado businesses to build a tool that manages outreach to potential CFD partners.

Server error when submitting invalid json web token #155

Closed galbwe closed 3 years ago

galbwe commented 3 years ago

The api returns a 500 response when an improperly formatted JWT token is submitted in the Authorization header.

To reproduce:

Based on the logs:

```
api_1  |   File "/app/api/auth.py", line 62, in decorated_view
api_1  |     credentials = decode_jwt(token)
api_1  |   File "/app/api/auth.py", line 34, in decode_jwt
api_1  |     return jwt.decode(
api_1  |   File "/usr/local/lib/python3.9/site-packages/jose/jwt.py", line 144, in decode
api_1  |     raise JWTError(e)
api_1  | jose.exceptions.JWTError: Not enough segments
```

It looks like we need to handle a JWTError when calling decode_jwt on line 62 of auth.py.

The api should return a 401 response using _auth_failure_response in the same file.

yimjay commented 3 years ago

Happy to take this one if no one will :)
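A sketch of the fix described in the issue, added here as an example and not taken from the project's `auth.py`: the auth decorator catches the decode error and answers 401 instead of letting it surface as a 500. Assumptions: a standard-library HS256 verifier and a local `JWTError` class stand in for python-jose so the block runs without extra packages, the token arrives as `Authorization: Bearer <token>`, a plain `headers` dict replaces the web framework's request object, and `SECRET`, `encode_jwt`, `jwt_required`, `whoami` and the body of `_auth_failure_response` are hypothetical.

```python
import base64, functools, hashlib, hmac, json

SECRET = b"constructed-test-secret"  # constructed key, for this example only

class JWTError(Exception): pass  # stand-in for jose.exceptions.JWTError

def _b64d(seg):
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))
def _b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def encode_jwt(claims):  # builds constructed tokens for the checks
    head = _b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = f"{head}.{_b64e(json.dumps(claims).encode())}"
    return f"{body}.{_b64e(hmac.new(SECRET, body.encode(), hashlib.sha256).digest())}"

def decode_jwt(token):  # minimal HS256 check; any malformed input raises JWTError
    parts = token.split(".")
    if len(parts) != 3:
        raise JWTError("Wrong number of segments")
    try:
        signed = f"{parts[0]}.{parts[1]}".encode()
        signature, payload = _b64d(parts[2]), _b64d(parts[1])
        expected = hmac.new(SECRET, signed, hashlib.sha256).digest()
        if not hmac.compare_digest(signature, expected):
            raise JWTError("Signature verification failed")
        return json.loads(payload)
    except ValueError as exc:  # bad base64, bad UTF-8 or bad JSON
        raise JWTError("Malformed segment") from exc

def _auth_failure_response(message):  # hypothetical shape; project's helper not shown
    return {"message": message}, 401

def jwt_required(view):
    @functools.wraps(view)
    def decorated_view(headers, *args, **kwargs):
        scheme, _, token = headers.get("Authorization", "").partition(" ")
        if scheme.lower() != "bearer" or not token.strip():
            return _auth_failure_response("Missing bearer token")
        try:
            credentials = decode_jwt(token.strip())
        except JWTError:  # the case in the traceback: answer 401, not 500
            return _auth_failure_response("Invalid token")
        return view(credentials, *args, **kwargs)
    return decorated_view

@jwt_required
def whoami(credentials):
    return {"user": credentials["sub"]}, 200
```

The 401 body stays generic ("Invalid token") for every decode failure, so the response does not reveal which check a submitted token failed.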