BB2-3489: Remove [Object object] errors #1290

Merged
merged 1 commit into from
Feb 7, 2025


loganbertram
Contributor

JIRA Ticket:
BB2-3489

What Does This PR Do?

This PR removes the [Object object] errors when invalid scopes are defined in testing. This issue is funny because DOT tries to return an OAuth-style redirect like

{'headers': {'Content-Type': 'text/html; charset=utf-8', 'Location': 'https://oauth.pstmn.io/v1/callback?error=invalid_scope'}, '_charset': None, '_resource_closers': [], '_handler_class': None, 'cookies': <SimpleCookie: >, 'closed': False, '_reason_phrase': None, '_container': ["b''"], 'allowed_schemes': ['https', 'http']}

This could be OK, but the usage context of our API makes it unlikely that this kind of response is ever useful. The error is most likely to occur in test and the most likely people to see it are not the end users of our API, but our own developers and application developers testing in Postman. For this reason, an OAuth-style redirect error that passes the error back to the callback URL is less than ideal. This PR changes the error to a JSON error like

{"status_code": 400, "message": "Invalid scopes"}

This error is more concise and useful in Postman and curl, the only contexts in which anyone is likely to encounter the error.

What Should Reviewers Watch For?

There were unit tests before I moved the code to this more general place. Manual validation can be simply performed and is described below.

Validation

Run the application locally and use Postman to attempt to retrieve a new token, but misspell any of the scopes. You should receive a JSON error in the authentication popup. You can, alternatively, use cURL.

What Security Implications Does This PR Have?

Please indicate if this PR does any of the following:

  • Adds any new software dependencies
  • Modifies any security controls
  • Adds new transmission or storage of data
  • Any other changes that could possibly affect security?
  • Yes, one or more of the above security implications apply. This PR must not be merged without the ISSO or team security engineer's approval.

Any Migrations?

  • Yes, there are migrations
    • The migrations should be run PRIOR to the code being deployed
    • The migrations should be run AFTER the code is deployed
    • There is a more complicated migration plan (downtime, etc)
  • No migrations

@loganbertram loganbertram merged commit 5629560 into master Feb 7, 2025
8 of 9 checks passed
@loganbertram loganbertram deleted the loganbertram/BB2-3489-fix-object-object-error branch February 7, 2025 17:39
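
An added example, not part of the pull request or the project's code: a small Python helper that automates the manual validation described in the PR by telling the old OAuth-style redirect error apart from the new JSON error. The function name, the 302 status and the `application/json` content type are assumptions; the `Location` value and the JSON body are the ones quoted in the PR description.

```python
import json
from urllib.parse import urlsplit, parse_qs


def classify_error_response(status, headers, body):
    """Return (kind, detail) for an invalid-scope error response.

    kind is "oauth_redirect" (error passed back to the callback URL),
    "json_error" (error returned directly as JSON), or "other".
    Hypothetical helper written for this example.
    """
    # HTTP header names are case-insensitive, so normalise before lookup.
    hdrs = {k.lower(): v for k, v in headers.items()}

    # Old behaviour: a redirect whose Location query string carries error=...
    location = hdrs.get("location")
    if 300 <= status < 400 and location:
        params = parse_qs(urlsplit(location).query)
        if "error" in params:
            return "oauth_redirect", params["error"][0]

    # New behaviour: a 4xx response with a JSON body of the documented shape.
    if status >= 400 and hdrs.get("content-type", "").startswith("application/json"):
        try:
            payload = json.loads(body)
        except (ValueError, TypeError):
            return "other", None
        # Require the body's status_code to agree with the HTTP status so a
        # mismatched or half-migrated handler is not reported as fixed.
        if (isinstance(payload, dict)
                and payload.get("status_code") == status
                and "message" in payload):
            return "json_error", payload["message"]

    return "other", None


# Constructed samples built from the two responses quoted in the PR description.
# The 302 status and the JSON content type are assumptions.
BEFORE = (302,
          {"Content-Type": "text/html; charset=utf-8",
           "Location": "https://oauth.pstmn.io/v1/callback?error=invalid_scope"},
          b"")
AFTER = (400,
         {"Content-Type": "application/json"},
         b'{"status_code": 400, "message": "Invalid scopes"}')

if __name__ == "__main__":
    print(classify_error_response(*BEFORE))
    print(classify_error_response(*AFTER))
```
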

2 participants