Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improve error handling. Fix logout endpoint. Handle sign-in and MFA errors. #389

Merged
merged 21 commits into from
Aug 23, 2024
Merged

Improve error handling. Fix logout endpoint. Handle sign-in and MFA errors. #389

merged 21 commits into from
Aug 23, 2024

Conversation

jpmckinney
Copy link
Member

@jpmckinney jpmckinney commented Aug 23, 2024
edited
Loading

closes #349

Changes described in each commit message.

Easier to review ignoring whitespace, especially users.py https://github.com/open-contracting/credere-backend/pull/389/files?w=1

Re: 403 vs 404 for get_user() dependency viz user enumeration: It already discloses the users's non-existence in the detail message, so might as well use 404.

And with this, I end the saga that I started with – trying to better handle login errors!

If after deploy, we witness new errors in Sentry that shouldn't be there (I'm not expecting any), we can just add them to except clauses, or update the Sentry configuration in settings.py (e.g. to not report HTTP 400 errors – in case bots are sending bad requests to endpoints, for example).

@jpmckinney
test: Tidy command tests
1fe9c73
@jpmckinney
chore: Use "admin", not "ocp"
9b48b34
@jpmckinney
chore: There is no need to raise a 500 error, because FastAPI will do…
8eeb6d6 
… that on its own
@jpmckinney
fix: Report 400 (request validation errors) to Sentry. Use 422 instea…
ed16bbf 
…d for expected errors.
@jpmckinney
chore: Use (and document) appropriate HTTP status codes
984ab04
@jpmckinney
feat: Don't do bare "except Exception" and don't report unexpected an…
a80caaa 
…d unknown errors to the user
@jpmckinney
feat: Improve error messages for integrity errors
ed46e9d
@jpmckinney
i18n: Regenerate PO file. Correct one typo.
5eec7bf
@jpmckinney
feat: Add general error handler, to return JSON response for unexpect…
4c43d1b 
…ed errors (follow-up a80caaa)
@jpmckinney
test: Fix test_update_user
9dd3fe2
@jpmckinney
fix: Fix logout endpoint
0f0c7be
@jpmckinney
chore: Remove unused loggers
94a39a3
@jpmckinney
test: Fix test expectation for new error message
b400be9
@jpmckinney
feat: Log 413 errors to Sentry, to monitor whether 5MB is too small, c…
44c059e 
…loses #349
@jpmckinney
fix: Prevent user enumeration on login endpoint
392da23
@jpmckinney jpmckinney marked this pull request as draft August 23, 2024 05:27
@jpmckinney jpmckinney marked this pull request as ready for review August 23, 2024 07:35
@jpmckinney jpmckinney changed the title Improve error handling. Fix logout endpoint. Improve error handling. Fix logout endpoint. Handle sign-in and MFA errors. Aug 23, 2024
@jpmckinney jpmckinney requested a review from yolile August 23, 2024 07:38
@yolile
Copy link
Member

yolile commented Aug 23, 2024

Not sure why that test is failing

@jpmckinney
Copy link
Member Author

I'll see, and then merge. Could just be that I let too few seconds go by in the test fixtures. Works locally.

@jpmckinney jpmckinney merged commit 4632ee5 into main Aug 23, 2024
10 checks passed
@jpmckinney jpmckinney deleted the user-test branch August 23, 2024 18:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@yolile yolile yolile approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Consider adding logger.error() in validate_file if file size too large
2 participants
@jpmckinney @yolile