fastsurvey / backend

FastSurvey's backend that's crunching the data

API: Status code 500 instead of 4xx when JWT has expired #47

Closed dostuffthatmatters closed 3 years ago

dostuffthatmatters commented 3 years ago

When I try to GET /authentication with an access_token that has expired I get back a 500 instead of a 400/401.

The server logs say:

INFO:     127.0.0.1:57213 - "GET /authentication HTTP/1.1" 500 Internal Server Error
ERROR:    Exception in ASGI application
Traceback (most recent call last):
  File "/Users/dostuffthatmatters/Documents/projects/current/fastsurvey/backend/venv/lib/python3.8/site-packages/uvicorn/protocols/http/httptools_impl.py", line 390, in run_asgi
    result = await app(self.scope, self.receive, self.send)
  File "/Users/dostuffthatmatters/Documents/projects/current/fastsurvey/backend/venv/lib/python3.8/site-packages/uvicorn/middleware/proxy_headers.py", line 45, in __call__
    return await self.app(scope, receive, send)
  File "/Users/dostuffthatmatters/Documents/projects/current/fastsurvey/backend/venv/lib/python3.8/site-packages/fastapi/applications.py", line 179, in __call__
    await super().__call__(scope, receive, send)
  File "/Users/dostuffthatmatters/Documents/projects/current/fastsurvey/backend/venv/lib/python3.8/site-packages/starlette/applications.py", line 111, in __call__
    await self.middleware_stack(scope, receive, send)
  File "/Users/dostuffthatmatters/Documents/projects/current/fastsurvey/backend/venv/lib/python3.8/site-packages/starlette/middleware/errors.py", line 181, in __call__
    raise exc from None
  File "/Users/dostuffthatmatters/Documents/projects/current/fastsurvey/backend/venv/lib/python3.8/site-packages/starlette/middleware/errors.py", line 159, in __call__
    await self.app(scope, receive, _send)
  File "/Users/dostuffthatmatters/Documents/projects/current/fastsurvey/backend/venv/lib/python3.8/site-packages/starlette/middleware/cors.py", line 86, in __call__
    await self.simple_response(scope, receive, send, request_headers=headers)
  File "/Users/dostuffthatmatters/Documents/projects/current/fastsurvey/backend/venv/lib/python3.8/site-packages/starlette/middleware/cors.py", line 142, in simple_response
    await self.app(scope, receive, send)
  File "/Users/dostuffthatmatters/Documents/projects/current/fastsurvey/backend/venv/lib/python3.8/site-packages/starlette/exceptions.py", line 82, in __call__
    raise exc from None
  File "/Users/dostuffthatmatters/Documents/projects/current/fastsurvey/backend/venv/lib/python3.8/site-packages/starlette/exceptions.py", line 71, in __call__
    await self.app(scope, receive, sender)
  File "/Users/dostuffthatmatters/Documents/projects/current/fastsurvey/backend/venv/lib/python3.8/site-packages/starlette/routing.py", line 566, in __call__
    await route.handle(scope, receive, send)
  File "/Users/dostuffthatmatters/Documents/projects/current/fastsurvey/backend/venv/lib/python3.8/site-packages/starlette/routing.py", line 227, in handle
    await self.app(scope, receive, send)
  File "/Users/dostuffthatmatters/Documents/projects/current/fastsurvey/backend/venv/lib/python3.8/site-packages/starlette/routing.py", line 41, in app
    response = await func(request)
  File "/Users/dostuffthatmatters/Documents/projects/current/fastsurvey/backend/venv/lib/python3.8/site-packages/fastapi/routing.py", line 182, in app
    raw_response = await run_endpoint_function(
  File "/Users/dostuffthatmatters/Documents/projects/current/fastsurvey/backend/venv/lib/python3.8/site-packages/fastapi/routing.py", line 133, in run_endpoint_function
    return await dependant.call(**values)
  File "./app/main.py", line 258, in decode_access_token
    return jwt_manager.decode(access_token)
  File "./app/cryptography.py", line 93, in decode
    payload = jwt.decode(
  File "/Users/dostuffthatmatters/Documents/projects/current/fastsurvey/backend/venv/lib/python3.8/site-packages/jwt/api_jwt.py", line 104, in decode
    self._validate_claims(payload, merged_options, **kwargs)
  File "/Users/dostuffthatmatters/Documents/projects/current/fastsurvey/backend/venv/lib/python3.8/site-packages/jwt/api_jwt.py", line 134, in _validate_claims
    self._validate_exp(payload, now, leeway)
  File "/Users/dostuffthatmatters/Documents/projects/current/fastsurvey/backend/venv/lib/python3.8/site-packages/jwt/api_jwt.py", line 175, in _validate_exp
    raise ExpiredSignatureError('Signature has expired')
jwt.exceptions.ExpiredSignatureError: Signature has expired

There is probably no try/except, or the except is missing this case.

I am working on e7736c3 (HEAD -> adjust-to-frontend, origin/adjust-to-frontend) Remove certifi package.

empicano commented 3 years ago

If you go on the newest master commit, that should be fixed. Can you confirm that for me?

dostuffthatmatters commented 3 years ago

Yes! Now I get a 401.

Really fast support here ;) And I should always run the newest version ^^
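
The failure mode discussed in this issue, as an added example that is not part of the original thread and not the project's code: token validation errors are caught at the endpoint boundary and mapped to 401 instead of escaping as an unhandled exception (500). A small standard-library HS256 verifier stands in for PyJWT so the block runs offline; `SECRET`, `TokenError`, `ExpiredTokenError`, `encode`, `decode` and `authenticate` are hypothetical names.

```python
import base64
import hashlib
import hmac
import json
import time

SECRET = b"constructed-demo-key"  # constructed sample key, not the project's

class TokenError(Exception):
    """Any token failure is a client error (401), never a server error."""

class ExpiredTokenError(TokenError):
    """Signature is valid but the exp claim is in the past."""

def _b64(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=")

def _sign(signing_input, key):
    return _b64(hmac.new(key, signing_input, hashlib.sha256).digest())

def encode(claims, key=SECRET):
    """Build a compact HS256 token (helper for constructing sample input)."""
    parts = [_b64(json.dumps(p).encode()) for p in ({"alg": "HS256"}, claims)]
    return b".".join(parts + [_sign(b".".join(parts), key)]).decode()

def decode(token, key=SECRET, now=None):
    """Verify signature first, then exp; raise only TokenError subclasses."""
    try:
        header, body, signature = token.encode().split(b".")
        if not hmac.compare_digest(signature, _sign(header + b"." + body, key)):
            raise TokenError("bad signature")
        padded = body + b"=" * (-len(body) % 4)
        claims = json.loads(base64.urlsafe_b64decode(padded))
        expires_at = float(claims["exp"])
    except (ValueError, KeyError, TypeError, AttributeError) as error:
        raise TokenError("malformed token") from error
    if expires_at <= (time.time() if now is None else now):
        raise ExpiredTokenError("token has expired")
    return claims

def authenticate(access_token, now=None):
    """Return (status_code, body) the way an endpoint wrapper would."""
    try:
        claims = decode(access_token, now=now)
    except ExpiredTokenError:
        return 401, {"detail": "token expired"}
    except TokenError:  # malformed, tampered, or missing exp
        return 401, {"detail": "invalid token"}
    return 200, {"sub": claims.get("sub")}
```

With PyJWT and FastAPI the same boundary is a `try`/`except` around `jwt.decode` that catches `jwt.exceptions.ExpiredSignatureError` (and the broader `jwt.exceptions.InvalidTokenError`) and raises `HTTPException(status_code=401)`.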