hubmapconsortium / commons

The common code supporting the HuBMAP web services
MIT License

`check_write_privs` results in 500 with a non active token #115

Closed maxsibilla closed 5 months ago

maxsibilla commented 11 months ago

Can be tested against the SenNet Ingest API /privs/<group_uuid>/has-write endpoint

If an expired token is passed to the above endpoint, this line will fail with a 500 error: https://github.com/hubmapconsortium/commons/blob/c1946130b78f56b0e5f430a0860a25c69cdf59c0/hubmap_commons/hm_auth.py#L273-L274

```json
{
    "error": "500 Internal Server Error: The server encountered an internal error and was unable to complete your request. Either the server is overloaded or there is an error in the application."
}
```

The issue is that the method `getUserInfo` (https://github.com/hubmapconsortium/commons/blob/c1946130b78f56b0e5f430a0860a25c69cdf59c0/hubmap_commons/hm_auth.py#L467C9-L467C9) returns a Flask Response object, which does not contain the attribute `text`, which is what the method `check_write_privs` checks for explicitly.

shirey commented 5 months ago

When we fix these, make sure to check `AuthHelper.has_data_admin_privs(token)` as it may be throwing exceptions/500s when no token is provided.
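The failure mode reported above (an expired token) and the one raised in the follow-up comment (no token at all), reproduced side by side with a hardened check. This is an added example, not code from `hubmap_commons`. `StubResponse`, `AuthError`, `get_user_info`, `check_fragile`, `check_hardened`, `handle`, the `has_write_privs` key and the token and group values are all hypothetical stand-ins built from the issue's description.

```python
from dataclasses import dataclass

@dataclass
class StubResponse:
    """Stand-in for the Flask Response described in the issue: no `.text`."""
    body: str
    status_code: int
    def get_data(self, as_text=False):
        return self.body if as_text else self.body.encode()

class AuthError(Exception):
    def __init__(self, message, status_code):
        super().__init__(message)
        self.status_code = status_code

# Constructed sample data: one active token, member of group "g1".
ACTIVE = {"good-token": {"sub": "user-1", "groups": ["g1"]}}

def get_user_info(token):
    """Dict for an active token, response object otherwise (as in the issue)."""
    info = ACTIVE.get(token)
    return info if info is not None else StubResponse("token is not active", 401)

def check_fragile(token, group_uuid):
    user_info = get_user_info(token)
    if not isinstance(user_info, dict):
        # AttributeError: the response object has no `.text` -> unhandled -> 500
        raise AuthError(user_info.text, 401)
    return group_uuid in user_info["groups"]

def check_hardened(token, group_uuid):
    if not token:  # a missing token is an auth failure, not a server error
        raise AuthError("no token provided", 401)
    user_info = get_user_info(token)
    if not isinstance(user_info, dict):
        # Read only what the response object is known to offer; default to 401.
        status = getattr(user_info, "status_code", 401)
        raise AuthError(user_info.get_data(as_text=True), status)
    return group_uuid in user_info["groups"]

def handle(check, token, group_uuid):
    """Minimal endpoint wrapper mapping outcomes to (status, body)."""
    try:
        return 200, {"has_write_privs": check(token, group_uuid)}
    except AuthError as e:
        return e.status_code, {"error": str(e)}
    except Exception:
        return 500, {"error": "500 Internal Server Error"}
```

A regression test for the fix would assert that an expired or absent token yields a 401 from the endpoint, since a 500 on an auth path hides the real cause from clients and from monitoring.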