Bearer token parse results in 500 instead of 401 #466

Closed
fluffy-critter opened this issue Oct 12, 2021 · 1 comment · Fixed by #467

fluffy-critter commented Oct 12, 2021

Expected Behavior

When a bad token comes in through Authorization: it should result in a 401 error.

Current Behavior

Something within the exception unwind is getting confused:

curl localhost:5000 -H 'Authorization: Bearer skjdflksjflsj.asdfasfd'

...

Traceback (most recent call last):
  File "/Users/fluffy/projects/Publ/publ/tokens.py", line 35, in parse_token
    ident, expires = signer().loads(token)
  File "/Users/fluffy/Library/Caches/pypoetry/virtualenvs/publ-XESjGdQG-py3.8/lib/python3.8/site-packages/itsdangerous/serializer.py", line 189, in loads
    raise last_exception
  File "/Users/fluffy/Library/Caches/pypoetry/virtualenvs/publ-XESjGdQG-py3.8/lib/python3.8/site-packages/itsdangerous/serializer.py", line 186, in loads
    return self.load_payload(signer.unsign(s))
  File "/Users/fluffy/Library/Caches/pypoetry/virtualenvs/publ-XESjGdQG-py3.8/lib/python3.8/site-packages/itsdangerous/signer.py", line 169, in unsign
    raise BadSignature("Signature %r does not match" % sig, payload=value)
itsdangerous.exc.BadSignature: Signature b'asdfasfd' does not match

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/Users/fluffy/Library/Caches/pypoetry/virtualenvs/publ-XESjGdQG-py3.8/lib/python3.8/site-packages/flask/app.py", line 1950, in full_dispatch_request
    rv = self.dispatch_request()
  File "/Users/fluffy/Library/Caches/pypoetry/virtualenvs/publ-XESjGdQG-py3.8/lib/python3.8/site-packages/flask/app.py", line 1936, in dispatch_request
    return self.view_functions[rule.endpoint](**req.view_args)
  File "<string>", line 2, in render_category
    """ Rendering functions """
  File "/Users/fluffy/Library/Caches/pypoetry/virtualenvs/publ-XESjGdQG-py3.8/lib/python3.8/site-packages/pony/orm/core.py", line 533, in new_func
    result = func(*args, **kwargs)
  File "/Users/fluffy/projects/Publ/publ/rendering.py", line 277, in render_category
    return render_category_path(category, template)
  File "/Users/fluffy/projects/Publ/publ/rendering.py", line 318, in render_category_path
    rendered, etag = render_publ_template(
  File "/Users/fluffy/projects/Publ/publ/rendering.py", line 130, in render_publ_template
    cur_user = user.get_active()
  File "/Users/fluffy/projects/Publ/publ/utils.py", line 478, in wrapped_func
    val = inner(*args, **kwargs)
  File "/Users/fluffy/projects/Publ/publ/user.py", line 178, in get_active
    token = tokens.parse_token(parts[1])
  File "/Users/fluffy/projects/Publ/publ/tokens.py", line 39, in parse_token
    raise http_error.Unauthorized(error.message) from error
werkzeug.exceptions.Unauthorized: 401 Unauthorized: Signature b'asdfasfd' does not match

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/Users/fluffy/projects/Publ/publ/tokens.py", line 35, in parse_token
    ident, expires = signer().loads(token)
  File "/Users/fluffy/Library/Caches/pypoetry/virtualenvs/publ-XESjGdQG-py3.8/lib/python3.8/site-packages/itsdangerous/serializer.py", line 189, in loads
    raise last_exception
  File "/Users/fluffy/Library/Caches/pypoetry/virtualenvs/publ-XESjGdQG-py3.8/lib/python3.8/site-packages/itsdangerous/serializer.py", line 186, in loads
    return self.load_payload(signer.unsign(s))
  File "/Users/fluffy/Library/Caches/pypoetry/virtualenvs/publ-XESjGdQG-py3.8/lib/python3.8/site-packages/itsdangerous/signer.py", line 169, in unsign
    raise BadSignature("Signature %r does not match" % sig, payload=value)
itsdangerous.exc.BadSignature: Signature b'asdfasfd' does not match

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/Users/fluffy/Library/Caches/pypoetry/virtualenvs/publ-XESjGdQG-py3.8/lib/python3.8/site-packages/flask/app.py", line 2464, in __call__
    return self.wsgi_app(environ, start_response)
  File "/Users/fluffy/Library/Caches/pypoetry/virtualenvs/publ-XESjGdQG-py3.8/lib/python3.8/site-packages/flask/app.py", line 2450, in wsgi_app
    response = self.handle_exception(e)
  File "/Users/fluffy/Library/Caches/pypoetry/virtualenvs/publ-XESjGdQG-py3.8/lib/python3.8/site-packages/flask/app.py", line 1867, in handle_exception
    reraise(exc_type, exc_value, tb)
  File "/Users/fluffy/Library/Caches/pypoetry/virtualenvs/publ-XESjGdQG-py3.8/lib/python3.8/site-packages/flask/_compat.py", line 39, in reraise
    raise value
  File "/Users/fluffy/Library/Caches/pypoetry/virtualenvs/publ-XESjGdQG-py3.8/lib/python3.8/site-packages/flask/app.py", line 2447, in wsgi_app
    response = self.full_dispatch_request()
  File "/Users/fluffy/Library/Caches/pypoetry/virtualenvs/publ-XESjGdQG-py3.8/lib/python3.8/site-packages/flask/app.py", line 1952, in full_dispatch_request
    rv = self.handle_user_exception(e)
  File "/Users/fluffy/Library/Caches/pypoetry/virtualenvs/publ-XESjGdQG-py3.8/lib/python3.8/site-packages/flask/app.py", line 1822, in handle_user_exception
    return handler(e)
  File "<string>", line 2, in render_exception
    """ Rendering functions """
  File "/Users/fluffy/Library/Caches/pypoetry/virtualenvs/publ-XESjGdQG-py3.8/lib/python3.8/site-packages/pony/orm/core.py", line 533, in new_func
    result = func(*args, **kwargs)
  File "/Users/fluffy/projects/Publ/publ/rendering.py", line 204, in render_exception
    return app.authl.render_login_form(destination='/' + utils.redir_path(),
  File "/Users/fluffy/Library/Caches/pypoetry/virtualenvs/publ-XESjGdQG-py3.8/lib/python3.8/site-packages/authl/flask.py", line 380, in render_login_form
    result = self._login_render_func(**render_args)
  File "<string>", line 2, in render_login_form
    """ Rendering functions """
  File "/Users/fluffy/Library/Caches/pypoetry/virtualenvs/publ-XESjGdQG-py3.8/lib/python3.8/site-packages/pony/orm/core.py", line 520, in new_func
    return func(*args, **kwargs)
  File "/Users/fluffy/projects/Publ/publ/rendering.py", line 337, in render_login_form
    LOGGER.debug('redir=%s user=%s', redir, user.get_active())
  File "/Users/fluffy/projects/Publ/publ/utils.py", line 478, in wrapped_func
    val = inner(*args, **kwargs)
  File "/Users/fluffy/projects/Publ/publ/user.py", line 178, in get_active
    token = tokens.parse_token(parts[1])
  File "/Users/fluffy/projects/Publ/publ/tokens.py", line 39, in parse_token
    raise http_error.Unauthorized(error.message) from error
werkzeug.exceptions.Unauthorized: 401 Unauthorized: Signature b'asdfasfd' does not match

@fluffy-critter (Collaborator, Author)

Oh and this isn't reflected in the stack trace above but fixing the raise http_error.Unauthorized to add a from error didn't help matters at all.
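
Added example, not part of the issue or of Publ's code: a stdlib-only model of the failure the traceback shows, where the 401 handler looks up the user again, re-parses the same bad bearer token, and the second Unauthorized escapes as a 500. The HMAC token format and the names `sign`, `dispatch`, `login_form_naive` and `login_form_guarded` are assumptions standing in for itsdangerous, Flask and Publ's handlers; the guarded handler is one possible mitigation, not the change merged in #467.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"  # constructed value, not from Publ

class Unauthorized(Exception):
    """Stand-in for werkzeug.exceptions.Unauthorized (HTTP 401)."""

def _mac(payload):
    return hmac.new(SECRET, payload.encode(), hashlib.sha256).hexdigest()

def sign(payload):
    return f"{payload}.{_mac(payload)}"

def parse_token(token):
    """Return the signed payload; raise Unauthorized on a bad signature."""
    payload, _, sig = token.rpartition(".")
    if not hmac.compare_digest(sig.encode(), _mac(payload).encode()):
        raise Unauthorized("signature does not match")
    return payload

def get_active(headers):
    """Resolve the user from the Authorization header, None if absent."""
    parts = headers.get("Authorization", "").split()
    if len(parts) == 2 and parts[0].lower() == "bearer":
        return parse_token(parts[1])
    return None

def login_form_naive(headers):
    # As in the traceback: the 401 handler re-parses the same bad token.
    return 401, f"login form (user={get_active(headers)})"

def login_form_guarded(headers):
    # Hypothetical hardening: inside the handler a bad token means "no user".
    try:
        user = get_active(headers)
    except Unauthorized:
        user = None
    return 401, f"login form (user={user})"

def dispatch(headers, on_unauthorized):
    """Simplified framework model: an exception escaping the handler is a 500."""
    try:
        try:
            return 200, f"page for {get_active(headers)}"
        except Unauthorized:
            return on_unauthorized(headers)
    except Exception:
        return 500, "internal server error"
```

Calling `dispatch` with the header from the curl command above and `login_form_naive` yields 500, while `login_form_guarded` yields the expected 401.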
