darkhelm/notifications-api
1
0
Fork 0
mirror of https://github.com/GSA/notifications-api.git synced 2025-12-11 15:52:21 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
19dcd7a48b6f06ea33bc1ee0635c34c8f9df199d
notifications-api/app/errors.py

118 lines
4.1 KiB
Python
Raw Normal View History

Run auto-correct on app/ and tests/
2021-03-10 13:55:06 +00:00
from flask import current_app, json, jsonify
from jsonschema import ValidationError as JsonSchemaValidationError
from marshmallow import ValidationError
There were some exceptions in production today where a one off message was sending a message with an invalid email address. The admin app validation did not catch this problem. But the API did. This PR is a small fix to catch the erorr thrown by the notifications-utils/recipient validation methods and return a 400 status rather than a 500. This only solves the issue of the user seeing "We are experiencing technical difficulties" rather than "invalid email address" The bug can be replicated if you enter use quotes when entering the email address. More work needs to be done so that the admin app does the same validation as the api so the user sees a nice form validtion error rather than a 400 after clicking send. See: https://www.pivotaltracker.com/story/show/154472625
2018-01-19 12:23:07 +00:00
from notifications_utils.recipients import InvalidEmailError
Catch itegrity errors and return 400. When creating or updating an organisation an itegrity error is raise if the name is already used. This change adds a new error handler for the organisation to catch the named unique index and return a 400 with a sensible message. We have an other error handler for unique service names which was caught in the error handler for all blueprints. A new error handler for the service_blueprint has been created for catch those specific unique constraints. This is a nice way to encapulate the specific errors for a specific blueprint.
2018-02-19 14:33:44 +00:00
from sqlalchemy.exc import DataError
Refactor user/<user_id>/code into two endpoints. - Created new endpoint user/<user_id>/sms-code to send the sms verification code to the user. - Create new endpoirtn user/<user_id>/email-code to send the email verifcation code to the user. - Marked the old methods, schema, tests with a TODO to be deleted when the admin app is no longer sending messages to /user/<user_id>/code - Added error handlers for DataError and NoResultFound. Data error catches invalid input errors. - Added error handler for SqlAlchemyError which catches any other database errors. - Removed the need for the try catches around the db calls in the user endpoints with the addition of the db error handlers. - We may want to wrap db excpetions in the dao, if we want the No results found message to be more specific and say no result found for user.
2016-02-19 11:37:35 +00:00
from sqlalchemy.orm.exc import NoResultFound
Run auto-correct on app/ and tests/
2021-03-10 13:55:06 +00:00
refactored the requires_auth handler to raise exceptions hopefully cleans up code flow and readability [a tiny bit]. raise an AuthException in auth.py, and catch it in errors.py to save on returning error_repsonse values throughout the function
2016-06-29 17:37:20 +01:00
from app.authentication.auth import AuthError
Add DAO function and endpoint for archiving email reply_to addresses Added a new DAO function which archives email reply_to addresses by setting archived to True. This raises a new type of error, an ArchiveValidationError, if trying to archive a default reply_to address. Added a new endpoint for archiving email reply_to addresses.
2018-04-25 16:34:36 +01:00
from app.exceptions import ArchiveValidationError
Implement a JWT header into base client - adds a base client - adds a notifications client These do not proxy onto genuine methods. This pull request is the basic implication of the API Client. Still needs a few things before is ready, notably proper logging and actual API endpoints to hook into. Basic premise is to deliver the JWT tokens required for Notify API authentication so we can discuss the implementation/premise.
2015-12-11 16:57:00 +00:00
Logging refactor to make debugging easier. Before the filename needed to be known. Added the notification id to the logging message so that the notification can be traced through the logging system by knowing the notification id, making it easier to debug. Also changed to raise an exception so that alerts are generated. This way we should get an email to say that there has been an error.
2018-04-03 12:31:52 +01:00
class VirusScanError(Exception):
def __init__(self, message):
super().__init__(message)
Change endpoint responses where there are marshalling, unmarshalling or param errors to raise invalid data exception. That will cause those responses to be handled in by errors.py, which will log the errors. Set most of schemas to strict mode so that marshmallow will raise exception rather than checking for errors in return tuple from load. Added handler to errors.py for marshmallow validation errors.
2016-06-14 15:07:23 +01:00
class InvalidRequest(Exception):
- Add validation methods for post notification. - Use these validation methods in post_sms_notification and the version 1 of post_notification. - Create a v2 error handlers. - InvalidRequest has a to_dict method for private and v1 error responses and a to_dict_v2 method to create the v2 of the error responses. - Each validation method has extensive unit tests, so the unit test for the endpoint do not need to check every error case, but check that the error handle formats the message correctly. - The format of the error messages is still a work on progress. - This version of the api could be deployed without causing a problem to the application. - The new endpoing is still a work in progress and is not being used yet.
2016-10-27 11:46:37 +01:00
code = None
fields = []
Rest methods that explicitly return errors by pass the error handlers as they do not raise exceptions. Introduced a simple exception that contains error messages and status code that can be used rather than return json + status code from rest methods directly. The handler in errors for this exception can then log the error before returning json.
2016-06-13 11:48:20 +01:00
def __init__(self, message, status_code):
super().__init__()
self.message = message
self.status_code = status_code
def to_dict(self):
return {'result': 'error', 'message': self.message}
- Add validation methods for post notification. - Use these validation methods in post_sms_notification and the version 1 of post_notification. - Create a v2 error handlers. - InvalidRequest has a to_dict method for private and v1 error responses and a to_dict_v2 method to create the v2 of the error responses. - Each validation method has extensive unit tests, so the unit test for the endpoint do not need to check every error case, but check that the error handle formats the message correctly. - The format of the error messages is still a work on progress. - This version of the api could be deployed without causing a problem to the application. - The new endpoing is still a work in progress and is not being used yet.
2016-10-27 11:46:37 +01:00
def to_dict_v2(self):
'''
Version 2 of the public api error response.
'''
return {
update V2 error response to {status_code: 403, errors: [error: AuthError, message: token has expired}] }
2016-11-09 14:56:54 +00:00
"status_code": self.status_code,
"errors": [
{
"error": self.__class__.__name__,
"message": self.message
}
]
- Add validation methods for post notification. - Use these validation methods in post_sms_notification and the version 1 of post_notification. - Create a v2 error handlers. - InvalidRequest has a to_dict method for private and v1 error responses and a to_dict_v2 method to create the v2 of the error responses. - Each validation method has extensive unit tests, so the unit test for the endpoint do not need to check every error case, but check that the error handle formats the message correctly. - The format of the error messages is still a work on progress. - This version of the api could be deployed without causing a problem to the application. - The new endpoing is still a work in progress and is not being used yet.
2016-10-27 11:46:37 +01:00
}
Rest methods that explicitly return errors by pass the error handlers as they do not raise exceptions. Introduced a simple exception that contains error messages and status code that can be used rather than return json + status code from rest methods directly. The handler in errors for this exception can then log the error before returning json.
2016-06-13 11:48:20 +01:00
def __str__(self):
return str(self.to_dict())
more tests
2023-08-14 15:32:22 -07:00
# TODO maintainability what is this for? How to unit test it?
Wire up error handlers. Replace some 400s with more appropriate 500s. DAO methods that cause unexpected exceptions get caught and logged by errors.py 500 error handler.
2016-02-17 17:04:50 +00:00
def register_errors(blueprint):
There were some exceptions in production today where a one off message was sending a message with an invalid email address. The admin app validation did not catch this problem. But the API did. This PR is a small fix to catch the erorr thrown by the notifications-utils/recipient validation methods and return a 400 status rather than a 500. This only solves the issue of the user seeing "We are experiencing technical difficulties" rather than "invalid email address" The bug can be replicated if you enter use quotes when entering the email address. More work needs to be done so that the admin app does the same validation as the api so the user sees a nice form validtion error rather than a 400 after clicking send. See: https://www.pivotaltracker.com/story/show/154472625
2018-01-19 12:23:07 +00:00
@blueprint.errorhandler(InvalidEmailError)
def invalid_format(error):
# Please not that InvalidEmailError is re-raised for InvalidEmail or InvalidPhone,
# work should be done in the utils app to tidy up these errors.
return jsonify(result='error', message=str(error)), 400
Implement a JWT header into base client - adds a base client - adds a notifications client These do not proxy onto genuine methods. This pull request is the basic implication of the API Client. Still needs a few things before is ready, notably proper logging and actual API endpoints to hook into. Basic premise is to deliver the JWT tokens required for Notify API authentication so we can discuss the implementation/premise.
2015-12-11 16:57:00 +00:00
- Add validation methods for post notification. - Use these validation methods in post_sms_notification and the version 1 of post_notification. - Create a v2 error handlers. - InvalidRequest has a to_dict method for private and v1 error responses and a to_dict_v2 method to create the v2 of the error responses. - Each validation method has extensive unit tests, so the unit test for the endpoint do not need to check every error case, but check that the error handle formats the message correctly. - The format of the error messages is still a work on progress. - This version of the api could be deployed without causing a problem to the application. - The new endpoing is still a work in progress and is not being used yet.
2016-10-27 11:46:37 +01:00
@blueprint.errorhandler(AuthError)
refactored the requires_auth handler to raise exceptions hopefully cleans up code flow and readability [a tiny bit]. raise an AuthException in auth.py, and catch it in errors.py to save on returning error_repsonse values throughout the function
2016-06-29 17:37:20 +01:00
def authentication_error(error):
return jsonify(result='error', message=error.message), error.code
- Add validation methods for post notification. - Use these validation methods in post_sms_notification and the version 1 of post_notification. - Create a v2 error handlers. - InvalidRequest has a to_dict method for private and v1 error responses and a to_dict_v2 method to create the v2 of the error responses. - Each validation method has extensive unit tests, so the unit test for the endpoint do not need to check every error case, but check that the error handle formats the message correctly. - The format of the error messages is still a work on progress. - This version of the api could be deployed without causing a problem to the application. - The new endpoing is still a work in progress and is not being used yet.
2016-10-27 11:46:37 +01:00
@blueprint.errorhandler(ValidationError)
make sure fns aren't named the same
2017-11-16 17:46:41 +00:00
def marshmallow_validation_error(error):
downgrade lots of routine logging from error/exception to info most of them are 400s for badly inputted phone numbers etc
2018-02-08 13:38:32 +00:00
current_app.logger.info(error)
Change endpoint responses where there are marshalling, unmarshalling or param errors to raise invalid data exception. That will cause those responses to be handled in by errors.py, which will log the errors. Set most of schemas to strict mode so that marshmallow will raise exception rather than checking for errors in return tuple from load. Added handler to errors.py for marshmallow validation errors.
2016-06-14 15:07:23 +01:00
return jsonify(result='error', message=error.messages), 400
Adds a POST version of get inbound messages by phone number. Allows us to POST the search so the phone number is hidden
2017-06-09 10:34:02 +01:00
@blueprint.errorhandler(JsonSchemaValidationError)
make sure fns aren't named the same
2017-11-16 17:46:41 +00:00
def jsonschema_validation_error(error):
downgrade lots of routine logging from error/exception to info most of them are 400s for badly inputted phone numbers etc
2018-02-08 13:38:32 +00:00
current_app.logger.info(error)
Adds a POST version of get inbound messages by phone number. Allows us to POST the search so the phone number is hidden
2017-06-09 10:34:02 +01:00
return jsonify(json.loads(error.message)), 400
Add DAO function and endpoint for archiving email reply_to addresses Added a new DAO function which archives email reply_to addresses by setting archived to True. This raises a new type of error, an ArchiveValidationError, if trying to archive a default reply_to address. Added a new endpoint for archiving email reply_to addresses.
2018-04-25 16:34:36 +01:00
@blueprint.errorhandler(ArchiveValidationError)
def archive_validation_error(error):
current_app.logger.info(error)
return jsonify(result='error', message=str(error)), 400
- Add validation methods for post notification. - Use these validation methods in post_sms_notification and the version 1 of post_notification. - Create a v2 error handlers. - InvalidRequest has a to_dict method for private and v1 error responses and a to_dict_v2 method to create the v2 of the error responses. - Each validation method has extensive unit tests, so the unit test for the endpoint do not need to check every error case, but check that the error handle formats the message correctly. - The format of the error messages is still a work on progress. - This version of the api could be deployed without causing a problem to the application. - The new endpoing is still a work in progress and is not being used yet.
2016-10-27 11:46:37 +01:00
@blueprint.errorhandler(InvalidRequest)
Rest methods that explicitly return errors by pass the error handlers as they do not raise exceptions. Introduced a simple exception that contains error messages and status code that can be used rather than return json + status code from rest methods directly. The handler in errors for this exception can then log the error before returning json.
2016-06-13 11:48:20 +01:00
def invalid_data(error):
response = jsonify(error.to_dict())
response.status_code = error.status_code
downgrade lots of routine logging from error/exception to info most of them are 400s for badly inputted phone numbers etc
2018-02-08 13:38:32 +00:00
current_app.logger.info(error)
Rest methods that explicitly return errors by pass the error handlers as they do not raise exceptions. Introduced a simple exception that contains error messages and status code that can be used rather than return json + status code from rest methods directly. The handler in errors for this exception can then log the error before returning json.
2016-06-13 11:48:20 +01:00
return response
- Add validation methods for post notification. - Use these validation methods in post_sms_notification and the version 1 of post_notification. - Create a v2 error handlers. - InvalidRequest has a to_dict method for private and v1 error responses and a to_dict_v2 method to create the v2 of the error responses. - Each validation method has extensive unit tests, so the unit test for the endpoint do not need to check every error case, but check that the error handle formats the message correctly. - The format of the error messages is still a work on progress. - This version of the api could be deployed without causing a problem to the application. - The new endpoing is still a work in progress and is not being used yet.
2016-10-27 11:46:37 +01:00
@blueprint.errorhandler(400)
Wire up error handlers. Replace some 400s with more appropriate 500s. DAO methods that cause unexpected exceptions get caught and logged by errors.py 500 error handler.
2016-02-17 17:04:50 +00:00
def bad_request(e):
handle Exception and remove duplication in errors.py ensure that if unexpected Exceptions are thrown, we handle them correctly (log and then return JSON) also remove some branches that will never trip, and combine a couple of identical functions
2016-10-17 17:41:39 +01:00
msg = e.description or "Invalid request parameters"
Rest methods that explicitly return errors by pass the error handlers as they do not raise exceptions. Introduced a simple exception that contains error messages and status code that can be used rather than return json + status code from rest methods directly. The handler in errors for this exception can then log the error before returning json.
2016-06-13 11:48:20 +01:00
current_app.logger.exception(msg)
Working permissions and all tests passing. Remove print statements. Fix for review comments.
2016-02-26 12:00:16 +00:00
return jsonify(result='error', message=str(msg)), 400
Implement a JWT header into base client - adds a base client - adds a notifications client These do not proxy onto genuine methods. This pull request is the basic implication of the API Client. Still needs a few things before is ready, notably proper logging and actual API endpoints to hook into. Basic premise is to deliver the JWT tokens required for Notify API authentication so we can discuss the implementation/premise.
2015-12-11 16:57:00 +00:00
- Add validation methods for post notification. - Use these validation methods in post_sms_notification and the version 1 of post_notification. - Create a v2 error handlers. - InvalidRequest has a to_dict method for private and v1 error responses and a to_dict_v2 method to create the v2 of the error responses. - Each validation method has extensive unit tests, so the unit test for the endpoint do not need to check every error case, but check that the error handle formats the message correctly. - The format of the error messages is still a work on progress. - This version of the api could be deployed without causing a problem to the application. - The new endpoing is still a work in progress and is not being used yet.
2016-10-27 11:46:37 +01:00
@blueprint.errorhandler(401)
Wire up error handlers. Replace some 400s with more appropriate 500s. DAO methods that cause unexpected exceptions get caught and logged by errors.py 500 error handler.
2016-02-17 17:04:50 +00:00
def unauthorized(e):
Improve text for error messages
2020-01-24 17:32:41 +00:00
error_message = "Unauthorized: authentication token must be provided"
Fix get_users_by_service to return 404 if service does not exist. Refactored service/rest.py so that all methods are returning a properly formatted error message so that the error message can deal with the response. Refactoed errors.py to properly format the error message.
2016-02-25 12:11:51 +00:00
return jsonify(result='error', message=error_message), 401, [('WWW-Authenticate', 'Bearer')]
Implement a JWT header into base client - adds a base client - adds a notifications client These do not proxy onto genuine methods. This pull request is the basic implication of the API Client. Still needs a few things before is ready, notably proper logging and actual API endpoints to hook into. Basic premise is to deliver the JWT tokens required for Notify API authentication so we can discuss the implementation/premise.
2015-12-11 16:57:00 +00:00
- Add validation methods for post notification. - Use these validation methods in post_sms_notification and the version 1 of post_notification. - Create a v2 error handlers. - InvalidRequest has a to_dict method for private and v1 error responses and a to_dict_v2 method to create the v2 of the error responses. - Each validation method has extensive unit tests, so the unit test for the endpoint do not need to check every error case, but check that the error handle formats the message correctly. - The format of the error messages is still a work on progress. - This version of the api could be deployed without causing a problem to the application. - The new endpoing is still a work in progress and is not being used yet.
2016-10-27 11:46:37 +01:00
@blueprint.errorhandler(403)
Wire up error handlers. Replace some 400s with more appropriate 500s. DAO methods that cause unexpected exceptions get caught and logged by errors.py 500 error handler.
2016-02-17 17:04:50 +00:00
def forbidden(e):
Improve text for error messages
2020-01-24 17:32:41 +00:00
error_message = "Forbidden: invalid authentication token provided"
Fix get_users_by_service to return 404 if service does not exist. Refactored service/rest.py so that all methods are returning a properly formatted error message so that the error message can deal with the response. Refactoed errors.py to properly format the error message.
2016-02-25 12:11:51 +00:00
return jsonify(result='error', message=error_message), 403
Implement a JWT header into base client - adds a base client - adds a notifications client These do not proxy onto genuine methods. This pull request is the basic implication of the API Client. Still needs a few things before is ready, notably proper logging and actual API endpoints to hook into. Basic premise is to deliver the JWT tokens required for Notify API authentication so we can discuss the implementation/premise.
2015-12-11 16:57:00 +00:00
- Add validation methods for post notification. - Use these validation methods in post_sms_notification and the version 1 of post_notification. - Create a v2 error handlers. - InvalidRequest has a to_dict method for private and v1 error responses and a to_dict_v2 method to create the v2 of the error responses. - Each validation method has extensive unit tests, so the unit test for the endpoint do not need to check every error case, but check that the error handle formats the message correctly. - The format of the error messages is still a work on progress. - This version of the api could be deployed without causing a problem to the application. - The new endpoing is still a work in progress and is not being used yet.
2016-10-27 11:46:37 +01:00
@blueprint.errorhandler(429)
Wire up error handlers. Replace some 400s with more appropriate 500s. DAO methods that cause unexpected exceptions get caught and logged by errors.py 500 error handler.
2016-02-17 17:04:50 +00:00
def limit_exceeded(e):
Rest methods that explicitly return errors by pass the error handlers as they do not raise exceptions. Introduced a simple exception that contains error messages and status code that can be used rather than return json + status code from rest methods directly. The handler in errors for this exception can then log the error before returning json.
2016-06-13 11:48:20 +01:00
current_app.logger.exception(e)
Fix get_users_by_service to return 404 if service does not exist. Refactored service/rest.py so that all methods are returning a properly formatted error message so that the error message can deal with the response. Refactoed errors.py to properly format the error message.
2016-02-25 12:11:51 +00:00
return jsonify(result='error', message=str(e.description)), 429
Implement a JWT header into base client - adds a base client - adds a notifications client These do not proxy onto genuine methods. This pull request is the basic implication of the API Client. Still needs a few things before is ready, notably proper logging and actual API endpoints to hook into. Basic premise is to deliver the JWT tokens required for Notify API authentication so we can discuss the implementation/premise.
2015-12-11 16:57:00 +00:00
- Add validation methods for post notification. - Use these validation methods in post_sms_notification and the version 1 of post_notification. - Create a v2 error handlers. - InvalidRequest has a to_dict method for private and v1 error responses and a to_dict_v2 method to create the v2 of the error responses. - Each validation method has extensive unit tests, so the unit test for the endpoint do not need to check every error case, but check that the error handle formats the message correctly. - The format of the error messages is still a work on progress. - This version of the api could be deployed without causing a problem to the application. - The new endpoing is still a work in progress and is not being used yet.
2016-10-27 11:46:37 +01:00
@blueprint.errorhandler(NoResultFound)
@blueprint.errorhandler(DataError)
handle Exception and remove duplication in errors.py ensure that if unexpected Exceptions are thrown, we handle them correctly (log and then return JSON) also remove some branches that will never trip, and combine a couple of identical functions
2016-10-17 17:41:39 +01:00
def no_result_found(e):
downgrade lots of routine logging from error/exception to info most of them are 400s for badly inputted phone numbers etc
2018-02-08 13:38:32 +00:00
current_app.logger.info(e)
Fix get_users_by_service to return 404 if service does not exist. Refactored service/rest.py so that all methods are returning a properly formatted error message so that the error message can deal with the response. Refactoed errors.py to properly format the error message.
2016-02-25 12:11:51 +00:00
return jsonify(result='error', message="No result found"), 404
Refactor user/<user_id>/code into two endpoints. - Created new endpoint user/<user_id>/sms-code to send the sms verification code to the user. - Create new endpoirtn user/<user_id>/email-code to send the email verifcation code to the user. - Marked the old methods, schema, tests with a TODO to be deleted when the admin app is no longer sending messages to /user/<user_id>/code - Added error handlers for DataError and NoResultFound. Data error catches invalid input errors. - Added error handler for SqlAlchemyError which catches any other database errors. - Removed the need for the try catches around the db calls in the user endpoints with the addition of the db error handlers. - We may want to wrap db excpetions in the dao, if we want the No results found message to be more specific and say no result found for user.
2016-02-19 11:37:35 +00:00
handle Exception and remove duplication in errors.py ensure that if unexpected Exceptions are thrown, we handle them correctly (log and then return JSON) also remove some branches that will never trip, and combine a couple of identical functions
2016-10-17 17:41:39 +01:00
# this must be defined after all other error handlers since it catches the generic Exception object
@blueprint.app_errorhandler(500)
- Add validation methods for post notification. - Use these validation methods in post_sms_notification and the version 1 of post_notification. - Create a v2 error handlers. - InvalidRequest has a to_dict method for private and v1 error responses and a to_dict_v2 method to create the v2 of the error responses. - Each validation method has extensive unit tests, so the unit test for the endpoint do not need to check every error case, but check that the error handle formats the message correctly. - The format of the error messages is still a work on progress. - This version of the api could be deployed without causing a problem to the application. - The new endpoing is still a work in progress and is not being used yet.
2016-10-27 11:46:37 +01:00
@blueprint.errorhandler(Exception)
handle Exception and remove duplication in errors.py ensure that if unexpected Exceptions are thrown, we handle them correctly (log and then return JSON) also remove some branches that will never trip, and combine a couple of identical functions
2016-10-17 17:41:39 +01:00
def internal_server_error(e):
pin marshmallow and update flask error handling
2019-09-04 12:14:28 +01:00
# if e is a werkzeug InternalServerError then it may wrap the original exception. For more details see:
# https://flask.palletsprojects.com/en/1.1.x/errorhandling/?highlight=internalservererror#unhandled-exceptions
e = getattr(e, 'original_exception', e)
handle Exception and remove duplication in errors.py ensure that if unexpected Exceptions are thrown, we handle them correctly (log and then return JSON) also remove some branches that will never trip, and combine a couple of identical functions
2016-10-17 17:41:39 +01:00
current_app.logger.exception(e)
return jsonify(result='error', message="Internal server error"), 500
Reference in New Issue Copy Permalink