jalantechnologies / rflask-boilerplate

Boilerplate code for building projects using Python, Flask and React

fix: App throws 500 with "ExpiredSignatureError" in case the signing key is updated for JWT #43

Closed bbbneo333 closed 2 months ago

bbbneo333 commented 3 months ago

What happened? The application throws the following error with a 500 status code when the signing key for JWT changes. Steps to repro:

jwt.exceptions.ExpiredSignatureError: Signature has expired

 File "/Users/bbbneo333/Projects/jalantechnologies/rflask-boilerplate/src/apps/backend/modules/account/rest_api/account_view.py", line 20, in get
[backend]     account = AccountService.get_account_by_id(params=account_params)
[backend]               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[backend]   File "/Users/bbbneo333/Projects/jalantechnologies/rflask-boilerplate/src/apps/backend/modules/access_token/rest_api/access_auth_middleware.py", line 22, in wrapper
[backend]     auth_payload = AccessTokenService.verify_access_token(token=auth_token)
[backend]                    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[backend]   File "/Users/bbbneo333/Projects/jalantechnologies/rflask-boilerplate/src/apps/backend/modules/access_token/access_token_service.py", line 45, in verify_access_token
[backend]     verified_token = jwt.decode(token, jwt_signing_key, algorithms=["HS256"])
[backend]                      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[backend]   File "/Users/bbbneo333/.local/share/virtualenvs/backend-FfgOPM2D/lib/python3.12/site-packages/jwt/api_jwt.py", line 210, in decode
[backend]     decoded = self.decode_complete(
[backend]               ^^^^^^^^^^^^^^^^^^^^^
[backend]   File "/Users/bbbneo333/.local/share/virtualenvs/backend-FfgOPM2D/lib/python3.12/site-packages/jwt/api_jwt.py", line 162, in decode_complete
[backend]     self._validate_claims(
[backend]   File "/Users/bbbneo333/.local/share/virtualenvs/backend-FfgOPM2D/lib/python3.12/site-packages/jwt/api_jwt.py", line 248, in _validate_claims
[backend]     self._validate_exp(payload, now, leeway)
[backend]   File "/Users/bbbneo333/.local/share/virtualenvs/backend-FfgOPM2D/lib/python3.12/site-packages/jwt/api_jwt.py", line 306, in _validate_exp
[backend]     raise ExpiredSignatureError("Signature has expired")
[backend] jwt.exceptions.ExpiredSignatureError: Signature has expired

What should have happened? Instead of throwing a 500, it should have simply treated the token as invalid and asked the user to sign in again (the same as in the case of an expired token).
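A minimal illustration of the behaviour the report asks for, added here as an example and not code from the rflask-boilerplate project: a standard-library HS256 verifier (standing in for PyJWT) whose every failure, a signature mismatch after the key is rotated, an expired `exp`, or a malformed token, is raised as one `InvalidToken` exception that a middleware-style wrapper maps to 401 instead of letting it surface as a 500. The keys and claim values are constructed for the example.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional, Tuple


class InvalidToken(Exception):
    """Any verification failure; the caller maps it to 401, never to 500."""


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def sign_hs256(payload: dict, key: bytes) -> str:
    """Issue a compact JWS (header.payload.signature) signed with HMAC-SHA256."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    body = _b64url(json.dumps(payload, separators=(",", ":")).encode())
    sig = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url(sig)}"


def verify_hs256(token: str, key: bytes, now: Optional[float] = None) -> dict:
    """Check signature first, then expiry; every failure is an InvalidToken."""
    now = time.time() if now is None else now
    try:
        header_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        payload = json.loads(_b64url_decode(body_b64))
        sig = _b64url_decode(sig_b64)
    except ValueError as exc:  # covers binascii.Error, JSONDecodeError, unpack errors
        raise InvalidToken("malformed token") from exc
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise InvalidToken("unexpected alg")
    expected = hmac.new(key, f"{header_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        raise InvalidToken("signature mismatch (key rotated or token forged)")
    exp = payload.get("exp") if isinstance(payload, dict) else None
    if not isinstance(exp, (int, float)) or exp < now:
        raise InvalidToken("token expired or missing exp")
    return payload


def authenticate(token: str, key: bytes, now: Optional[float] = None) -> Tuple[int, dict]:
    """Middleware-style wrapper: a bad token is a 401 response, not an unhandled 500."""
    try:
        return 200, verify_hs256(token, key, now)
    except InvalidToken as exc:
        return 401, {"error": "invalid_token", "reason": str(exc)}
```

Rotating the key and presenting a token minted under the old one yields a 401 with a "signature mismatch" reason, the same path an expired token takes.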