Open gh-ppolk opened 3 years ago
Describe the bug
You aren't handling Unauthorized Token Access properly. Your api raises a TypeError when it should be raising an UnauthorizedTokenException.
To Reproduce
Try to access the api with invalid credentials. A TypeError will occur.
Expected behavior
An UnauthorizedTokenException should be raised.
Screenshots
I am too lazy for screenshots.
Desktop (please complete the following information):
Additional context
The bug actually happens here.
https://github.com/jamasoftware-ps/py-jama-rest-client/blob/d03cb914b020d175fec6dd347434d28d8268c148/py_jama_rest_client/core.py#L149
core.py: headers['Authorization'] = 'Bearer ' + self.__token
because self.__token is defaulted to None here
https://github.com/jamasoftware-ps/py-jama-rest-client/blob/d03cb914b020d175fec6dd347434d28d8268c148/py_jama_rest_client/core.py#L43
core.py: self.__token = None
This requests.post will respond without raising a 400 because the request processed, it just processed and returned Unauthorized. But you don’t raise an exception.
https://github.com/jamasoftware-ps/py-jama-rest-client/blob/d03cb914b020d175fec6dd347434d28d8268c148/py_jama_rest_client/core.py#L129
core.py: response = requests.post(self.__token_host, auth=self.credentials, data=data, verify=self.verify)
And instead just log it
https://github.com/jamasoftware-ps/py-jama-rest-client/blob/d03cb914b020d175fec6dd347434d28d8268c148/py_jama_rest_client/core.py#L143
core.py: py_jama_rest_client_logger.error('Failed to retrieve OAuth Token')
resulting in the method completing without updating the token
And allowing for the type error to occur.
@nmchale-jama
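The failure mode reported above, reduced to a stand-alone sketch with a fail-closed variant beside it. This is an added example, not code from py-jama-rest-client or from the reporter: `FakeResponse`, the injectable `post` callable, the `SilentClient`/`StrictClient` names, the status codes checked and the `access_token` field are assumptions, and `UnauthorizedTokenException` is defined locally as a stand-in.

```python
import logging

log = logging.getLogger("token_demo")


class UnauthorizedTokenException(Exception):
    """Local stand-in for the exception the report expects."""


class FakeResponse:
    """Constructed stand-in for the token endpoint's HTTP response."""
    def __init__(self, status_code, body=None):
        self.status_code = status_code
        self._body = body or {}

    def json(self):
        return self._body


class SilentClient:
    """Pattern described in the report: a failed token fetch is only logged."""
    def __init__(self, post):
        self._post = post          # hypothetical injectable transport
        self._token = None         # default that later reaches the header

    def _fetch_token(self):
        response = self._post()
        if response.status_code in (200, 201):
            self._token = response.json()["access_token"]
        else:
            log.error("Failed to retrieve OAuth Token")  # no raise, token stays None

    def auth_header(self):
        self._fetch_token()
        return {"Authorization": "Bearer " + self._token}  # TypeError when None


class StrictClient(SilentClient):
    """Hardened form: fail closed with an auth-specific exception."""
    def _fetch_token(self):
        response = self._post()
        if response.status_code in (401, 403):
            raise UnauthorizedTokenException("token endpoint rejected credentials")
        if response.status_code not in (200, 201):
            raise RuntimeError("token endpoint returned %d" % response.status_code)
        token = response.json().get("access_token")
        if not isinstance(token, str) or not token:
            raise UnauthorizedTokenException("token response carried no access_token")
        self._token = token
```

Raising at the point where the token request is rejected lets callers tell bad credentials apart from a programming error and keeps a `None` token from ever reaching header construction.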