Closed maxsibilla closed 5 months ago
Can be tested against the SenNet Ingest API /privs/<group_uuid>/has-write endpoint
/privs/<group_uuid>/has-write
If an expired token is passed to the above endpoint this line with fail with a 500 error: https://github.com/hubmapconsortium/commons/blob/c1946130b78f56b0e5f430a0860a25c69cdf59c0/hubmap_commons/hm_auth.py#L273-L274
{ "error": "500 Internal Server Error: The server encountered an internal error and was unable to complete your request. Either the server is overloaded or there is an error in the application." }
The issue is that the method getUserInfo (https://github.com/hubmapconsortium/commons/blob/c1946130b78f56b0e5f430a0860a25c69cdf59c0/hubmap_commons/hm_auth.py#L467C9-L467C9) returns a Flask Response object, which does not contain the attribute text which is what the method check_write_privs checks for explicitly.
getUserInfo
text
check_write_privs
When we fix these make sure to check AuthHelper.has_data_admin_privs(token) as it may be throwing exception/500s when no token is provided.
AuthHelper.has_data_admin_privs(token)
Can be tested against the SenNet Ingest API
/privs/<group_uuid>/has-write
endpointIf an expired token is passed to the above endpoint this line with fail with a 500 error: https://github.com/hubmapconsortium/commons/blob/c1946130b78f56b0e5f430a0860a25c69cdf59c0/hubmap_commons/hm_auth.py#L273-L274
The issue is that the method
getUserInfo
(https://github.com/hubmapconsortium/commons/blob/c1946130b78f56b0e5f430a0860a25c69cdf59c0/hubmap_commons/hm_auth.py#L467C9-L467C9) returns a Flask Response object, which does not contain the attributetext
which is what the methodcheck_write_privs
checks for explicitly.