Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Invalid handling of exceptions different from ValidationError #1140

Open
2 tasks done
floels opened this issue Mar 16, 2023 · 2 comments
Open
2 tasks done

Invalid handling of exceptions different from ValidationError #1140

floels opened this issue Mar 16, 2023 · 2 comments
Labels
bug

Comments

@floels
Copy link

floels commented Mar 16, 2023
edited by sliverc
Loading

Description of the Bug Report

The current error handling assumes that each field in the error exception dictionary is a field name. This is only true for ValidationException though but not for other exception such as InvalidToken as in example below.

Error handling needs to be adjusted so ValidationException and other errors are handled different.

Orginal report

To reproduce:

  1. Start a new Django project. Install and set up:
  • Django Rest Framework,
  • DRF Simple JWT,
  • Django REST framework JSON:API.

with all standard settings.

  1. Create a minimalistic app with only one URL pattern pointing to Simple JWT's TokenRefreshView:
from django.urls import path
from rest_framework_simplejwt.views import TokenRefreshView

urlpatterns = [
  path("token/refresh/", TokenRefreshView.as_view(), name=("token_refresh")),
]
  1. Add a basic test to check the response of this view when a wrong refresh token is provided:
from django.test import TestCase

class AuthenticationTests(TestCase):
    def test_refresh_jw_token_wrong_refresh(self):
        """
        Ensure we don't obtain a refreshed JWT when providing a wrong refresh token.
        """
        response = self.client.post(
            "/myapp/token/refresh/", {"refresh": "wrong.refreshToken"}, format="json"
        )

        self.assertEqual(response.status_code, 401)
  1. Debug and inspect response.json() at the end of the test:

Capture d’écran 2023-03-16 à 17 58 08

See that the errors attribute contains two redundant items:

Capture d’écran 2023-03-16 à 19 42 23

Checklist

  • Certain that this is a bug (if unsure or you have a question use discussions instead)
  • Code snippet or unit test added to reproduce bug
@floels floels added the bug label Mar 16, 2023
@floels floels changed the title Duplicate error in response of Simple JWT TokenRefreshView Duplicate errors in response of Simple JWT's TokenRefreshView Mar 16, 2023
@sliverc
Copy link
Member

sliverc commented Mar 24, 2023

Thanks for raising this issue. Indeed the current DJA error handling mainly handles ValidationError. In this case however it is a custom exception of simplejwt where DJA then thinks code and detail are field names which is not the case.

To address this issue the error handling logic needs to be rewritten that it handles ValidationError and other errors differently.

@sliverc sliverc mentioned this issue Apr 3, 2023
Open
@sliverc sliverc changed the title Duplicate errors in response of Simple JWT's TokenRefreshView Invalid handling of exceptions different from ValidationError Apr 4, 2023
@jokiefer
Copy link
Contributor

jokiefer commented Jul 4, 2023

I also run in an equivalent behavior. If i raise an error like described in the docs, the above behavior will occurs.

My workaround was to pass in an array with the error object.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@sliverc @jokiefer @floels