14 api crashes with 500 when jwt auth is enabled #15
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
- Implement comprehensive unit tests for the JwtAuth class covering various scenarios including null credentials, missing JWT settings, expired tokens, and valid tokens. - Create tests for handling Bearer prefix in tokens and setting WWW-Authenticate headers. - Add unit tests for the GraphConfig class to validate auth configuration scenarios, including no auth configured, JWT auth with valid and missing environment variables, and custom auth configurations. - Ensure proper error handling and logging for invalid configurations and authentication failures.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This pull request introduces improvements to JWT authentication handling and adds comprehensive unit tests for the authentication backend. The main changes focus on correctly parsing bearer tokens, supporting different authentication methods, and ensuring robust test coverage for various authentication scenarios.
Authentication improvements:
authenticatemethod injwt_auth.pyto properly strip the "Bearer " prefix from the token before decoding, ensuring compatibility with standard HTTP Authorization headers. [1] [2]loader.pyto support binding JWT and "none" authentication methods, allowing flexible authentication configuration.Testing enhancements:
test_auth_backend.pywith extensive unit tests for theverify_current_userfunction, covering scenarios such as missing authentication config, successful authentication, error logging, and handling of edge cases like null credentials and varioususer_idvalues.