Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

BadRequestKeyError no longer contains the missing key from self.form as of 1.0.3 #3249

Closed
Roguelazer opened this issue Jun 3, 2019 · 7 comments

Comments

@Roguelazer
Copy link

commented Jun 3, 2019

Expected Behavior

When self.form is indexed with a key that isn't present, BadRequestKeyError is raised. Under 1.0.2 and below, the .args property of this exception contained the actual missing key -- great for lightweight error presentation.

Minimal demonstration:

from flask import Flask, jsonify, request
from werkzeug.exceptions import BadRequestKeyError

app = Flask('test')

@app.errorhandler(BadRequestKeyError)
def bad_key(e):
    return jsonify({'missing key(s)': e.args})


@app.route('/')
def root():
    return request.form['foo']

app.run()

Under 1.0.2 and below we see the following behavior:

 % curl localhost:5000
{"missing key(s)":["foo"]}

Under 1.0.3:

% curl localhost:5000
{"missing key(s)":[]}

This occurs independent of $FLASK_DEBUG

Actual Behavior

There appears to be no way to get at the missing key from an error handler.

Environment

  • Python version: 3.6.6
  • Flask version: 1.0.3
  • Werkzeug version: 0.15.4
@davidism

This comment has been minimized.

Copy link
Member

commented Jun 3, 2019

I can't reproduce the issue when in debug mode, e.args[0] is the key. Out of debug mode, this now fails because we clear the args, since in Werkzeug 0.15 that's what triggers hiding the key, and I didn't think it was good to show the keys and non-standard error messages outside debug mode.

Then again, this "only show the key in debug mode" is a completely made up thing I decided when adding the key to the output, it wasn't ever shown before Flask 1.0. I can just have it show all the time and never remove it?

@Roguelazer

This comment has been minimized.

Copy link
Author

commented Jun 3, 2019

@davidism

This comment has been minimized.

Copy link
Member

commented Jun 3, 2019

It doesn't exactly depend on debug mode, losing the key outside debug mode is an unintended side-effect of the new implementation of the key showing/hiding in Werkzeug 0.15, which gained support in Flask 1.0.

You should set TRAP_BAD_REQUEST_ERRORS = True in your config, since trapping the BadRequestKeyError to handle yourself is what you want. I've confirmed you get the behavior you want in that case.

@Roguelazer

This comment has been minimized.

Copy link
Author

commented Jun 3, 2019

I can confirm that setting TRAP_BAD_REQUEST_ERRORS to True in config fixes this.

I still am kind of negative on the idea of emptying out .args by default in non-debug mode, but at least there's a workaround...

@davidism

This comment has been minimized.

Copy link
Member

commented Jun 3, 2019

If you have a suggestion for a better way to only output the information in Flask's debug mode, when the feature itself is part of Werkzeug, I'm open to review a PR to Werkzeug!

@Roguelazer

This comment has been minimized.

Copy link
Author

commented Jun 3, 2019

Is e.args actually auto-dumped? Would it be sufficient to remove it from e.description but just leave e.args alone?

@LuckyDenis

This comment was marked as outdated.

Copy link

commented Jun 10, 2019

Hello. I can take this problem or it's fix already?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
3 participants
You can’t perform that action at this time.