Closed Bug 843423 Opened 12 years ago Closed 12 years ago

An invalid JWT issuer causes a 500 error in webpay

Categories

(Marketplace Graveyard :: Payments/Refunds, defect, P2)

x86
macOS
defect

Tracking

(Not tracked)

RESOLVED FIXED
2013-03-14

People

(Reporter: kumar, Assigned: andy+bugzilla)

References

Details

If you submit a JWT with a bogus issuer you can trigger a 500. This should be caught and handled gracefully. I think this is just fallout from upgrading to curling because we no longer get a ValueError, we get a real ObjectDoesNotExist exception Internal Server Error: /mozpay/ Stacktrace (most recent call last): File "django/core/handlers/base.py", line 111, in get_response response = callback(request, *callback_args, **callback_kwargs) File "django/views/decorators/http.py", line 41, in inner return func(request, *args, **kwargs) File "webpay/pay/views.py", line 102, in lobby res = process_pay_req(request) File "webpay/pay/views.py", line 45, in process_pay_req if not form.is_valid(): File "django/forms/forms.py", line 124, in is_valid return self.is_bound and not bool(self.errors) File "django/forms/forms.py", line 115, in _get_errors self.full_clean() File "django/forms/forms.py", line 270, in full_clean self._clean_fields() File "django/forms/forms.py", line 290, in _clean_fields value = getattr(self, 'clean_%s' % name)() File "webpay/pay/forms.py", line 59, in clean_req secret = client.get_secret(app_id) File "lib/solitude/api.py", line 129, in get_secret seller__active=True, public_id=public_id)['secret'] File "curling/lib.py", line 121, in get_object raise ObjectDoesNotExist
Priority: -- → P2
Assignee: nobody → amckay
Target Milestone: --- → 2013-03-14
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
s/go/got/
You need to log in before you can comment on or make changes to this bug.