New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

500 error when using a malformed token #116

Closed
gbnk0 opened this Issue Jun 20, 2018 · 5 comments

Comments

Projects
None yet
2 participants
@gbnk0
Copy link
Contributor

gbnk0 commented Jun 20, 2018

Hi,

I get this error:

DecodeError: Not enough segments while handling path /me

My Auth header: Bearer invalidtokenhduisqhd

When i do a query on /me with an invalid token, is it a feature or a bug?

Thanks,

@gbnk0

This comment has been minimized.

Copy link
Contributor Author

gbnk0 commented Jun 20, 2018

I think it should return me a 400 or a 401 ?

@ahopkins

This comment has been minimized.

Copy link
Owner

ahopkins commented Jun 20, 2018

Thanks. We should probably be catching that, you are right. It should be a 400.

@ahopkins

This comment has been minimized.

Copy link
Owner

ahopkins commented Aug 5, 2018

This lead me down a little bit of a rabbit hole. And, ultimately changed some behavior that I think is for the better.

Now, when a malformed response is made, the user will (almost) always get a 401. Therefore, it will be more predictable. If an endpoint that is protected is hit, and the correct authorization details are not passed, 401 will be raised.

If debug is turned on, it will be a 400 and an explicit message will be output.

That message will also be written to the logs, and optionally can be output to the response even when debug is not on. I will update here a little more after I polish a few more tests.

@gbnk0

This comment has been minimized.

Copy link
Contributor Author

gbnk0 commented Aug 5, 2018

Thanks for that

@ahopkins

This comment has been minimized.

Copy link
Owner

ahopkins commented Aug 5, 2018

I want to spend some more time tonight on a few more unit tests. Then I have a few items to update in docs and I will push a new release to pypi. But, at the least you can install from the dev branch if needed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment