BadRequestKeyError no longer contains the missing key from self.form as of 1.0.3 #3249

Closed
Roguelazer opened this issue Jun 3, 2019 · 7 comments
@Roguelazer Roguelazer commented Jun 3, 2019

Expected Behavior

When self.form is indexed with a key that isn't present, BadRequestKeyError is raised. Under 1.0.2 and below, the .args property of this exception contained the actual missing key -- great for lightweight error presentation.

Minimal demonstration:

from flask import Flask, jsonify, request
from werkzeug.exceptions import BadRequestKeyError

app = Flask('test')

@app.errorhandler(BadRequestKeyError)
def bad_key(e):
    return jsonify({'missing key(s)': e.args})


@app.route('/')
def root():
    return request.form['foo']

app.run()

Under 1.0.2 and below we see the following behavior:

% curl localhost:5000
{"missing key(s)":["foo"]}

Under 1.0.3:

% curl localhost:5000
{"missing key(s)":[]}

This occurs independent of $FLASK_DEBUG

Actual Behavior

There appears to be no way to get at the missing key from an error handler.

Environment

  • Python version: 3.6.6
  • Flask version: 1.0.3
  • Werkzeug version: 0.15.4

@davidism davidism commented Jun 3, 2019

I can't reproduce the issue when in debug mode; e.args[0] is the key. Out of debug mode, this now fails because we clear the args, since in Werkzeug 0.15 that's what triggers hiding the key, and I didn't think it was good to show the keys and non-standard error messages outside debug mode.

Then again, this "only show the key in debug mode" is a completely made up thing I decided when adding the key to the output, it wasn't ever shown before Flask 1.0. I can just have it show all the time and never remove it?

@Roguelazer Roguelazer commented Jun 3, 2019

@davidism davidism commented Jun 3, 2019

It doesn't exactly depend on debug mode; losing the key outside debug mode is an unintended side-effect of the new implementation of the key showing/hiding in Werkzeug 0.15, which gained support in Flask 1.0.

You should set TRAP_BAD_REQUEST_ERRORS = True in your config, since trapping the BadRequestKeyError to handle yourself is what you want. I've confirmed you get the behavior you want in that case.

@Roguelazer Roguelazer commented Jun 3, 2019

I can confirm that setting TRAP_BAD_REQUEST_ERRORS to True in config fixes this.

I still am kind of negative on the idea of emptying out .args by default in non-debug mode, but at least there's a workaround...
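
The workaround confirmed above, as an added example that is not part of the original thread or of Flask's own code: the issue's demo app with TRAP_BAD_REQUEST_ERRORS set, driven through Flask's test client instead of curl. The names make_app and probe are hypothetical, and the handler guards against an empty e.args so that the 1.0.3 behaviour yields a 400 with no field name instead of an IndexError.

```python
from flask import Flask, jsonify, request
from werkzeug.exceptions import BadRequestKeyError


def make_app(trap_bad_request_errors):
    """Build the issue's demo app; the flag sets TRAP_BAD_REQUEST_ERRORS."""
    app = Flask("test")
    app.config["TRAP_BAD_REQUEST_ERRORS"] = trap_bad_request_errors

    @app.errorhandler(BadRequestKeyError)
    def bad_key(e):
        # On Flask 1.0.3 without the setting, e.args is empty at this point,
        # so indexing it blindly would turn the 400 into a 500.
        missing = e.args[0] if e.args else None
        return jsonify({"error": "missing form field", "field": missing}), 400

    @app.route("/", methods=["GET", "POST"])
    def root():
        return request.form["foo"]

    return app


def probe(trap_bad_request_errors, form=None):
    """Send one request through the test client (no server, no network)."""
    client = make_app(trap_bad_request_errors).test_client()
    resp = client.post("/", data=form) if form else client.get("/")
    body = resp.get_json() if resp.is_json else resp.get_data(as_text=True)
    return resp.status_code, body


if __name__ == "__main__":
    print(probe(True))                  # setting on: handler sees the key
    print(probe(False))                 # setting off: depends on Flask version
    print(probe(True, {"foo": "bar"}))  # key present: normal response
```

Returning the field name to the client is a deliberate choice made in the handler here; a handler that should not echo request details can log `missing` server-side and return only the generic message.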

@davidism davidism commented Jun 3, 2019

If you have a suggestion for a better way to only output the information in Flask's debug mode, when the feature itself is part of Werkzeug, I'm open to reviewing a PR to Werkzeug!

@Roguelazer Roguelazer commented Jun 3, 2019

Is e.args actually auto-dumped? Would it be sufficient to remove it from e.description but just leave e.args alone?

@davidism davidism added this to the 1.0.4 milestone Jun 26, 2019
@davidism davidism closed this Jun 26, 2019
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Nov 14, 2020