843423 - An invalid JWT issuer causes a 500 error in webpay

Status: RESOLVED FIXED

(Marketplace Graveyard :: Payments/Refunds, defect, P2)

Description

[Kumar McMillan [:kumar]]

If you submit a JWT with a bogus issuer you can trigger a 500. This should be caught and handled gracefully.

I think this is just fallout from upgrading to curling because we no longer get a ValueError, we get a real ObjectDoesNotExist exception

Internal Server Error: /mozpay/

Stacktrace (most recent call last):

  File "django/core/handlers/base.py", line 111, in get_response
    response = callback(request, *callback_args, **callback_kwargs)
  File "django/views/decorators/http.py", line 41, in inner
    return func(request, *args, **kwargs)
  File "webpay/pay/views.py", line 102, in lobby
    res = process_pay_req(request)
  File "webpay/pay/views.py", line 45, in process_pay_req
    if not form.is_valid():
  File "django/forms/forms.py", line 124, in is_valid
    return self.is_bound and not bool(self.errors)
  File "django/forms/forms.py", line 115, in _get_errors
    self.full_clean()
  File "django/forms/forms.py", line 270, in full_clean
    self._clean_fields()
  File "django/forms/forms.py", line 290, in _clean_fields
    value = getattr(self, 'clean_%s' % name)()
  File "webpay/pay/forms.py", line 59, in clean_req
    secret = client.get_secret(app_id)
  File "lib/solitude/api.py", line 129, in get_secret
    seller__active=True, public_id=public_id)['secret']
  File "curling/lib.py", line 121, in get_object
    raise ObjectDoesNotExist

Comment 1

[Andy McKay]

You go this in https://github.com/mozilla/webpay/commit/a9d2c27c.

Comment 2

[Andy McKay]

s/go/got/