-
-
Notifications
You must be signed in to change notification settings - Fork 243
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Define a "jwt base class" for exceptions #252
base: master
Are you sure you want to change the base?
Conversation
include/jwt-cpp/jwt.h
Outdated
using std::exception::exception; | ||
}; | ||
|
||
struct signature_verification_exception : exception, public std::system_error { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This feels really weird cause now signature_verification_exception inherits from std::exception twice.
Could we get away with inheriting exception
from std::system_error
(which inherits std::runtime_error
, which in turn inherits std::exception
) ?
@@ -2316,13 +2321,13 @@ namespace jwt { | |||
/** | |||
* Attempt to parse JSON was unsuccessful | |||
*/ | |||
struct invalid_json_exception : public std::runtime_error { | |||
struct invalid_json_exception : exception, public std::runtime_error { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
See above, given that we dont actually set a dynamic error message, we should probably add a "invalid_json" error code and stick that in.
I think we need a more clear goal for this one. I was not expecting it to be soo big 🙈 On the server side if you only do this try {
process_jwt(token);
catch (jwt_exception e) {
//... handling
} How can you know to return 401 vs 403 😕 there's a difference for the token being malformed and not granting permission 🤔 |
Wouldn't this normally be handled in two different places ? Normally the difference between multiple error groups is handled by try {
process_jwt(token);
catch (jwt_exception e) {
if(e.code().category() == signature_verification_error_category())
return 401;
if(e.code().category() == token_verification_error_category())
return 403;
return 500;
} You could also dig down into the actual error code, e.g. to distinguish Regardless, the fact that all the exception types now inherit std::exception twice definitly feels wrong and will almost certainly cause issues. What we could do is have a |
Tomorrow while I travel, I will look at this again... I agree this isn't up to par. Theres 130+ exceptions that are from the STL... some are for sure traits but others I have no clue... Once we know what the exceptions are doing we can figure out a few user stories. Come up with a plan to improve this. |
You're not really supposed to use any of them though except for the 9 in |
I mean we are using them a lot 🤷 despite the other ways we are also using |
closes #215