django-json-api / django-rest-framework-json-api

JSON:API support for Django REST framework
https://django-rest-framework-json-api.readthedocs.org/
BSD 2-Clause "Simplified" License

Invalid handling of exceptions different from ValidationError #1140

Open floels opened 1 year ago

floels commented 1 year ago

Description of the Bug Report

The current error handling assumes that each field in the error exception dictionary is a field name. This is only true for ValidationException, though, and not for other exceptions such as InvalidToken, as in the example below.

Error handling needs to be adjusted so that ValidationException and other errors are handled differently.

Original report

To reproduce:

  1. Start a new Django project. Install and set up:
  • Django Rest Framework,
  • DRF Simple JWT,
  • Django REST framework JSON:API.

with all standard settings.

  2. Create a minimalistic app with only one URL pattern pointing to Simple JWT's TokenRefreshView:

```python
from django.urls import path
from rest_framework_simplejwt.views import TokenRefreshView

urlpatterns = [
  path("token/refresh/", TokenRefreshView.as_view(), name=("token_refresh")),
]
```

  3. Add a basic test to check the response of this view when a wrong refresh token is provided:

```python
from django.test import TestCase

class AuthenticationTests(TestCase):
    def test_refresh_jw_token_wrong_refresh(self):
        """
        Ensure we don't obtain a refreshed JWT when providing a wrong refresh token.
        """
        response = self.client.post(
            "/myapp/token/refresh/", {"refresh": "wrong.refreshToken"}, format="json"
        )

        self.assertEqual(response.status_code, 401)
```

  4. Debug and inspect response.json() at the end of the test:

[Screenshot: 2023-03-16 at 17 58 08]

See that the errors attribute contains two redundant items:

[Screenshot: 2023-03-16 at 19 42 23]

sliverc commented 1 year ago

Thanks for raising this issue. Indeed, the current DJA error handling mainly handles ValidationError. In this case, however, it is a custom exception of simplejwt, where DJA then thinks code and detail are field names, which is not the case.

To address this issue, the error handling logic needs to be rewritten so that it handles ValidationError and other errors differently.
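The distinction described in the comment above, as an added illustration that is not part of the thread and is not DJA's or Simple JWT's code. The exception classes are stand-ins so the block runs without Django, the function names are hypothetical, and the sample detail dictionaries are constructed.

```python
# Stand-ins for the DRF / Simple JWT exception classes (hypothetical, no Django needed).
class APIError(Exception):
    status_code = 500

    def __init__(self, detail):
        super().__init__(detail)
        self.detail = detail

class ValidationError(APIError):
    status_code = 400

class InvalidToken(APIError):
    status_code = 401

def field_keyed_errors(exc):
    """Behaviour reported in the issue: every dict key is assumed to be a field name."""
    errors = []
    for field, messages in exc.detail.items():
        for message in messages if isinstance(messages, list) else [messages]:
            errors.append({
                "detail": str(message),
                "status": str(exc.status_code),
                "source": {"pointer": f"/data/attributes/{field}"},
            })
    return errors

def type_aware_errors(exc):
    """Only ValidationError details are keyed by field; anything else is one error object."""
    if isinstance(exc, ValidationError) and isinstance(exc.detail, dict):
        return field_keyed_errors(exc)
    error = {"status": str(exc.status_code)}
    if isinstance(exc.detail, dict):
        # Copy only the members a JSON:API error object defines.
        for member in ("detail", "code"):
            if member in exc.detail:
                error[member] = str(exc.detail[member])
    else:
        error["detail"] = str(exc.detail)
    return [error]

# Constructed samples: an authentication failure and a genuine per-field error.
token_exc = InvalidToken({"detail": "Token is invalid or expired", "code": "token_not_valid"})
field_exc = ValidationError({"refresh": ["This field is required."]})

if __name__ == "__main__":
    print(field_keyed_errors(token_exc))  # two items, each with a bogus field pointer
    print(type_aware_errors(token_exc))   # one item, no source pointer
    print(type_aware_errors(field_exc))   # per-field pointer is kept
```
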

jokiefer commented 1 year ago

I also run into equivalent behavior. If I raise an error as described in the docs, the above behavior will occur.

My workaround was to pass in an array with the error object.