Re: 403 vs 404 for get_user() dependency viz user enumeration: It already discloses the users's non-existence in the detail message, so might as well use 404.
And with this, I end the saga that I started with – trying to better handle login errors!
If after deploy, we witness new errors in Sentry that shouldn't be there (I'm not expecting any), we can just add them to except clauses, or update the Sentry configuration in settings.py (e.g. to not report HTTP 400 errors – in case bots are sending bad requests to endpoints, for example).
closes #349
Changes described in each commit message.
Easier to review ignoring whitespace, especially users.py https://github.com/open-contracting/credere-backend/pull/389/files?w=1
Re: 403 vs 404 for get_user() dependency viz user enumeration: It already discloses the users's non-existence in the detail message, so might as well use 404.
And with this, I end the saga that I started with – trying to better handle login errors!
If after deploy, we witness new errors in Sentry that shouldn't be there (I'm not expecting any), we can just add them to
except
clauses, or update the Sentry configuration in settings.py (e.g. to not report HTTP 400 errors – in case bots are sending bad requests to endpoints, for example).