Submitting wildly invalid assertions to /verify causes a 500 server error #598
Comments
This is lame. In general the verifier needs hardening and love. It should return extremely helpful errors to end users, given this will affect our cost of supporting it significantly. I say 4 stars.
…leak out of JWCrypto and cause 500 errors rather than 200 failure responses.
Ran backend unit tests on local install. Did not see anything unusual.
Do the unit tests submit something that isn't valid JWT, or once
Both.
--lloyd
On Dec 5, 2011, at 8:44 PM, Ian Bicking reply@reply.github.com wrote:
This breaks on browserid but works on diresworb:
I'm guessing that means it is fixed.
Will roll into prod on thurs
--lloyd
On Dec 6, 2011, at 2:35 PM, Ian Bicking reply@reply.github.com wrote:
I accidentally pointed my mock assertions at BrowserID (things like the literal string "test@example.com", which isn't base64, JSON, JWT) and I get a 500 error. It should return a proper error message.
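The failure mode reported above, sketched as an added example (not BrowserID's or JWCrypto's code): a /verify handler that treats every parsing or verification exception as a 200 failure response with a readable reason instead of letting it surface as a 500. The names `parseAssertion`, `handleVerify` and `verifyFn`, the three-segment compact JWT layout, and the `{status, reason}` response shape are assumptions made for illustration.

```javascript
// Added example. All names and the response shape are hypothetical.
const B64URL = /^[A-Za-z0-9_-]+$/;

// Decode one JWT segment into a JSON object, or throw with a reason
// that is safe to show to the caller.
function decodeSegment(seg, name) {
  if (!B64URL.test(seg)) throw new Error(name + ' is not base64url');
  const b64 = seg.replace(/-/g, '+').replace(/_/g, '/');
  const text = Buffer.from(b64, 'base64').toString('utf8');
  let obj;
  try {
    obj = JSON.parse(text);
  } catch (e) {
    throw new Error(name + ' is not valid JSON');
  }
  if (obj === null || typeof obj !== 'object' || Array.isArray(obj)) {
    throw new Error(name + ' is not a JSON object');
  }
  return obj;
}

// Structural checks only; no cryptography happens here.
function parseAssertion(input) {
  if (typeof input !== 'string' || input.length === 0) {
    throw new Error('assertion must be a non-empty string');
  }
  const parts = input.split('.');
  if (parts.length !== 3) {
    throw new Error('expected 3 dot-separated segments, got ' + parts.length);
  }
  return {
    header: decodeSegment(parts[0], 'header'),
    payload: decodeSegment(parts[1], 'payload'),
    signature: parts[2],
  };
}

// verifyFn stands in for the real signature and claims check (assumption).
// Whatever it or the parser throws becomes a failure body, never a 500.
function handleVerify(body, verifyFn) {
  try {
    const parsed = parseAssertion(body && body.assertion);
    if (!verifyFn(parsed)) throw new Error('verification failed');
    return { httpStatus: 200, body: { status: 'okay' } };
  } catch (err) {
    return { httpStatus: 200, body: { status: 'failure', reason: err.message } };
  }
}
```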