Closed Bug 843423 Opened 10 years ago Closed 10 years ago

An invalid JWT issuer causes a 500 error in webpay

Categories

(Marketplace Graveyard :: Payments/Refunds, defect, P2)

x86
macOS
defect

Tracking

(Not tracked)

RESOLVED FIXED
2013-03-14

People

(Reporter: kumar, Assigned: andy+bugzilla)

References

Details

If you submit a JWT with a bogus issuer you can trigger a 500. This should be caught and handled gracefully.

I think this is just fallout from upgrading to curling because we no longer get a ValueError, we get a real ObjectDoesNotExist exception

Internal Server Error: /mozpay/

Stacktrace (most recent call last):

  File "django/core/handlers/base.py", line 111, in get_response
    response = callback(request, *callback_args, **callback_kwargs)
  File "django/views/decorators/http.py", line 41, in inner
    return func(request, *args, **kwargs)
  File "webpay/pay/views.py", line 102, in lobby
    res = process_pay_req(request)
  File "webpay/pay/views.py", line 45, in process_pay_req
    if not form.is_valid():
  File "django/forms/forms.py", line 124, in is_valid
    return self.is_bound and not bool(self.errors)
  File "django/forms/forms.py", line 115, in _get_errors
    self.full_clean()
  File "django/forms/forms.py", line 270, in full_clean
    self._clean_fields()
  File "django/forms/forms.py", line 290, in _clean_fields
    value = getattr(self, 'clean_%s' % name)()
  File "webpay/pay/forms.py", line 59, in clean_req
    secret = client.get_secret(app_id)
  File "lib/solitude/api.py", line 129, in get_secret
    seller__active=True, public_id=public_id)['secret']
  File "curling/lib.py", line 121, in get_object
    raise ObjectDoesNotExist
Priority: -- → P2
Assignee: nobody → amckay
Target Milestone: --- → 2013-03-14
You go this in https://github.com/mozilla/webpay/commit/a9d2c27c.
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
s/go/got/
You need to log in before you can comment on or make changes to this bug.