open-contracting / credere-backend

A tool that facilitates the participation of Micro, Small, and Medium businesses (MSMEs) in the Colombian public procurement market.
https://credere.readthedocs.io
BSD 3-Clause "New" or "Revised" License

Improve error handling. Fix logout endpoint. Handle sign-in and MFA errors. #389

Closed jpmckinney closed 3 weeks ago

jpmckinney commented 3 weeks ago

closes #349

Changes described in each commit message.

Easier to review ignoring whitespace, especially users.py https://github.com/open-contracting/credere-backend/pull/389/files?w=1

Re: 403 vs 404 for get_user() dependency viz user enumeration: It already discloses the user's non-existence in the detail message, so might as well use 404.

And with this, I end the saga that I started with – trying to better handle login errors!

If after deploy, we witness new errors in Sentry that shouldn't be there (I'm not expecting any), we can just add them to except clauses, or update the Sentry configuration in settings.py (e.g. to not report HTTP 400 errors – in case bots are sending bad requests to endpoints, for example).

yolile commented 3 weeks ago

Not sure why that test is failing

jpmckinney commented 3 weeks ago

I'll see, and then merge. Could just be that I let too few seconds go by in the test fixtures. Works locally.