Return json output instead of html when wrong token in Header Authorization (#1247)

fix #1246 Return a JsonResponse instead of raising AuthenticationFailed Exception that is turned into the general html error by django. rest_framework.response.Response should not be used in middleware, will return django.template.response.ContentNotRenderedError.
2025-01-18 12:11:35 +00:00 · 2024-04-29 23:08:46 +00:00 · 2024-04-29 23:08:46 +00:00 · c3d1cd2472
commit c3d1cd2472
parent c623a38574
1 changed files with 12 additions and 6 deletions
--- a/robosats/middleware.py
+++ b/robosats/middleware.py
@ -8,8 +8,8 @@ from django.conf import settings
 from django.contrib.auth.models import AnonymousUser, User, update_last_login
 from django.utils import timezone
 from django.utils.deprecation import MiddlewareMixin
+from django.http import JsonResponse
 from rest_framework.authtoken.models import Token
-from rest_framework.exceptions import AuthenticationFailed
 from robohash import Robohash

 from api.nick_generator.nick_generator import NickGenerator
@ -79,8 +79,11 @@ class RobotTokenSHA256AuthenticationMiddleWare:
            return response

        if not is_valid_token(token_sha256_b91):
-            raise AuthenticationFailed(
-                "Robot token SHA256 was provided in the header. However it is not a valid 39 or 40 characters Base91 string."
+            return JsonResponse(
+                {
+                    "bad_request": "Robot token SHA256 was provided in the header. However it is not a valid 39 or 40 characters Base91 string."
+                },
+                status=400,
            )

        # Check if it is an existing robot.
@ -123,8 +126,11 @@ class RobotTokenSHA256AuthenticationMiddleWare:
                encrypted_private_key = request.COOKIES.get("encrypted_private_key", "")

            if not public_key or not encrypted_private_key:
-                raise AuthenticationFailed(
-                    "On the first request to a RoboSats coordinator, you must provide as well a valid public and encrypted private PGP keys"
+                return JsonResponse(
+                    {
+                        "bad_request": "On the first request to a RoboSats coordinator, you must provide as well a valid public and encrypted private PGP keys"
+                    },
+                    status=400,
                )
            (
                valid,
@ -133,7 +139,7 @@ class RobotTokenSHA256AuthenticationMiddleWare:
                encrypted_private_key,
            ) = validate_pgp_keys(public_key, encrypted_private_key)
            if not valid:
-                raise AuthenticationFailed(bad_keys_context)
+                return JsonResponse({"bad_request": bad_keys_context}, status=400)

            # Hash the token_sha256, only 1 iteration.
            # This is the second SHA256 of the user token, aka RoboSats ID