Strange behavior when call is made from ajax, other domain

[KathRains]

Hi!
I have a project where front-end(React) and back-end(Flask) are working on different domains.

I added the following test end-point:

@test _api.route('/test')
class test_route(Resource):
    @jwt_required
    def get(self):
        return jsonify({'result': True})

It's working properly if I provide a valid access token (in header, as I can't use it in the cookie).

But if it's not provided, or it's wrong I can't make the following handler work right:

@jwt.unauthorized_loader
def unauthorized_loader_handler(message):
    return jsonify({
            "description": "Access token not found!",
            "error": "unauthorized_loader"
        }, 401)

in a case of unauthorized loader and get into this handler but right after the exception is thrown:

Server-side ERROR: 'Response' object has no attribute 'get'

I just want it to return status 401 to the front-end.

[vimalloc-mavenlink]

I'm unable to duplicate the error your seeing locally. Here is the test server I'm using:

from flask import Flask, jsonify

from flask_jwt_extended import JWTManager, jwt_required

app = Flask(__name__)
app.config['JWT_SECRET_KEY'] = 'super-secret'
jwt = JWTManager(app)

@jwt.unauthorized_loader
def unauthorized(msg):
    return jsonify({'nananana': 'batman'})

@app.route('/foo', methods=['GET'])
@jwt_required
def protected():
    return jsonify({'foo': 'bar'})

And the result of accessing /foo

± http GET :5000/foo
HTTP/1.0 200 OK
Content-Length: 22
Content-Type: application/json
Date: Tue, 29 Sep 2020 02:33:52 GMT
Server: Werkzeug/1.0.1 Python/3.7.7

{
    "nananana": "batman"
}

I do notice that your jsonify looks wrong, if you want the status code to be 401 that should look like:

    # Notice that the `401` is outside of the jsonify method call
    return jsonify({
         "description": "Access token not found!",
         "error": "unauthorized_loader"
    }), 401

If you are still running into issues, please provide a complete, minimal, and verifiable example which is demonstrating this issue.

Thanks!

[KathRains]

Thanks for the quick response!
I fixed the typo with 401 but have the same result. Let me see if I can extract the "minimal example" from my code - will do it tomorrow.

[KathRains]

I found the exception was thrown in Flask-RestX. As soon as I changed your code to something like that it throw the exception I described:

from flask import Flask, jsonify

from flask_jwt_extended import JWTManager, jwt_required
from flask_restx import Api, Resource

app = Flask(__name__)
app.config['JWT_SECRET_KEY'] = 'super-secret'
jwt = JWTManager(app)
api = Api(app)
jwt._set_error_handler_callbacks(api)

@jwt.unauthorized_loader
def unauthorized(msg):
    return jsonify({'nananana': 'batman'}), 401

@app.route('/foo', methods=['GET'])
@jwt_required
def protected():
    return jsonify({'foo': 'bar'})


@api.route('/bar')
class HelloWorld(Resource):
    @jwt_required
    def get(self):
        return {'hello': 'world'}

Should I ask them for the help?

[vimalloc]

Yeah, that would probably be your best bet. I have never used flask_restX before, so I don't think I will directly be much help there. Sorry!

[vimalloc]

Oh, it looks like restX is a fork of restplus, which has some known issues that break things for this extension. You can check out this to see if any of those fix things for you: #86 (comment). And a report to restX would probably still be a good idea, if they can get their stuff fixed up to work with native flask error_handlers (I'm assuming that's the problem, it was for flask restplus), that would be good for everyone I think!

[KathRains]

Yeah, I already use _set_error_handler_callbacks to connect their handler in a case of errors but it's not working (works in Flask-Restplus). Already reported at their issue list. Thanks!

[0xbart]

This is one of the options that should work with Flask-restx.

1. Uncomment the private function _set_error_handler_callbacks(api).
2. Add default handler for all JWTExtendedExtension

Example

import pathlib

from flask import Flask
from flask_restx import Api
from flask_jwt_extended import JWTManager
from flask_jwt_extended.exceptions import JWTExtendedException

def create_app():
    app = Flask(__name__)
    app.config.from_pyfile(pathlib.Path(__file__).parent / "config.py")

    api = Api(app)
    jwt = JWTManager()
    
    @api.errorhandler(JWTExtendedException)
    def handle_jwt_exceptions(error):
        return {'message': str(error)}, getattr(error, 'code', 401)

    jwt.init_app(app)

[KathRains]

Responded in our thread.

[adrianbeloqui]

Thanks @0xbart !

While upgrading my app and moving from flask_restplus to flask_restx the option 1 (which was working with flask_restplus) was only working when running tox to test the app, but not when running the server for some reason.

The option 2 did the trick for me on both. Much appreciated!