I have read information on Spyne Faults (http://spyne.io/docs/2.10/manual/03_types.html), but cant get my head around raising a Fault properly with a 400 Return code. I have the Fault response forming properly, but with a 500 HTTP return code when I have a requirement to return 400.
#srpc(Boolean, _returns=String)
def requestConfiguration(value):
#if value is true, get all the data
if value == True:
#todo - get the config
return 'True Received'
else:
# if anything other than True is received, MUST respond with a SOAP fault and HTTP 400
raise Fault(faultcode="Client.", faultstring="Value must be True")
# raise error.InvalidInputError("problem", "problem")
Reading some of the documentation (http://spyne.io/docs/2.10/modules/spyne/model/fault.html#Fault) , i am interpreting it as the FaultCode must be a string starting with Client and it will return a 400 error. (I know if-else is bad, im just trying to get a proof of concept working before i write the code up properly)
I think i need to subclass the fault instead of just raising it but cant get my head around it. I dived into the code /protocol/soap/soap11 and saw that the fault_to_http_reponse_code simply returns HTTP 500.
Thanks in advance
I gave up on the subclass approach, instead i just updated the fault_to_http_reponse_code function in soap11.py. Its a gross patch but it does the job for what i want.
def fault_to_http_response_code(self, fault):
from spyne.const.http import HTTP_400, HTTP_401, HTTP_404, HTTP_405, HTTP_413, HTTP_500
from spyne.error import Fault, InternalError, ResourceNotFoundError, RequestTooLongError, RequestNotAllowed, InvalidCredentialsError
if isinstance(fault, RequestTooLongError):
return HTTP_413
if isinstance(fault, ResourceNotFoundError):
return HTTP_404
if isinstance(fault, RequestNotAllowed):
return HTTP_405
if isinstance(fault, InvalidCredentialsError):
return HTTP_401
if isinstance(fault, Fault) and (fault.faultcode.startswith('Client.')
or fault.faultcode == 'Client'):
return HTTP_400
return HTTP_500
Then im just raising a normal fault, with the faultcode beginning with Client.
raise Fault(faultcode="Client.", faultstring="value must be True)
Hopfully someone will chip in with the proper approach to this.
Related
So I am working on Python FastAPI project.
My current objective is to correctly authenticate password so correct password should trigger HTTP 204 response code, in every other case (also empty params) HTTP 401 should be triggered.
The examples look like that:
Here the response should be: 204
/auth?password=haslo&password_hash=013c6889f799cd986a735118e1888727d1435f7f623d05d58c61bf2cd8b49ac90105e5786ceaabd62bbc27336153d0d316b2d13b36804080c44aa6198c533215
And here: 401
/auth?password=haslo&password_hash=f34ad4b3ae1e2cf33092e2abb60dc0444781c15d0e2e9ecdb37e4b14176a0164027b05900e09fa0f61a1882e0b89fbfa5dcfcc9765dd2ca4377e2c794837e091
I am correctly handling RequestValidationError, and my hashed password validation looks like this:
class AuthResponse(BaseModel):
status_code: int
#app.get("/auth", response_model=AuthResponse)
async def auth(password: str, password_hash: str, response: Response):
try:
m = hashlib.sha512(bytes(password, encoding="ASCII"))
if str(m.hexdigest()) == password_hash:
response.status_code = 204
else:
response.status_code = 401
except Exception:
response.status_code = 401
return AuthResponse(status_code=response.status_code)
Now I cannot think of any passed parameter that would trigger incorrect validation (passing 204 code instead of 401), but it seems that it is possible, as external assertion shows. I know it must be something about empty values other than None, but I can't figure it out by myself.
I have already tried patterns like:
/auth?password=&password_hash=
/auth?password=%00&password_hash=%00
http://127.0.0.1:8000/auth?password=%0&password_hash=%0
I would really appreciate some kind of help, hint or suggestion.
Thank you all, it is only a coding exercise project, so many things could be a little bit off. But as it happens I didn't check the empty password parameter which creates valid hash, but is not correct according to task.
I have always used:
r = requests.get(url)
if r.status_code == 200:
# my passing code
else:
# anything else, if this even exists
Now I was working on another issue and decided to allow for other errors and am instead now using:
try:
r = requests.get(url)
r.raise_for_status()
except requests.exceptions.ConnectionError as err:
# eg, no internet
raise SystemExit(err)
except requests.exceptions.HTTPError as err:
# eg, url, server and other errors
raise SystemExit(err)
# the rest of my code is going here
With the exception that various other errors could be tested for at this level, is one method any better than the other?
Response.raise_for_status() is just a built-in method for checking status codes and does essentially the same thing as your first example.
There is no "better" here, just about personal preference with flow control. My preference is toward try/except blocks for catching errors in any call, as this informs the future programmer that these conditions are some sort of error. If/else doesn't necessarily indicate an error when scanning code.
Edit: Here's my quick-and-dirty pattern.
import time
import requests
from requests.exceptions import HTTPError
url = "https://theurl.com"
retries = 3
for n in range(retries):
try:
response = requests.get(url)
response.raise_for_status()
break
except HTTPError as exc:
code = exc.response.status_code
if code in [429, 500, 502, 503, 504]:
# retry after n seconds
time.sleep(n)
continue
raise
However, in most scenarios, I subclass requests.Session, make a custom HTTPAdapter that handles exponential backoffs, and the above lives in an overridden requests.Session.request method. An example of that can be seen here.
Almost always, raise_for_status() is better.
The main reason is that there is a bit more to it than testing status_code == 200, and you should be making best use of tried-and-tested code rather than creating your own implementation.
For instance, did you know that there are actually five different 'success' codes defined by the HTTP standard? Four of those 'success' codes will be misinterpreted as failure by testing for status_code == 200.
If you are not sure, follow the Ian Goldby's answer.
...however please be aware that raise_for_status() is not some magical or exceptionally smart solution - it's a very simple function that decodes the response body and throws an exception for HTTP codes 400-599, distinguishing client-side and server-side errors (see its code here).
And especially the client-side error responses may contain valuable information in the response body that you may want to process. For example a HTTP 400 Bad Request response may contain the error reason.
In such a case it may be better to not use raise_for_status() but instead cover all the cases by yourself.
Example code
try:
r = requests.get(url)
# process the specific codes from the range 400-599
# that you are interested in first
if r.status_code == 400:
invalid_request_reason = r.text
print(f"Your request has failed because: {invalid_request_reason}")
return
# this will handle all other errors
elif r.status_code > 400:
print(f"Your request has failed with status code: {r.status_code}")
return
except requests.exceptions.ConnectionError as err:
# eg, no internet
raise SystemExit(err)
# the rest of my code is going here
Real-world use case
PuppetDB's API using the Puppet Query Language (PQL) responds with a HTTP 400 Bad Request to a syntactically invalid query with a very precise info where is the error.
Request query:
nodes[certname] { certname == "bastion" }
Body of the HTTP 400 response:
PQL parse error at line 1, column 29:
nodes[certname] { certname == "bastion" }
^
Expected one of:
[
false
true
#"[0-9]+"
-
'
"
#"\s+"
See my Pull Request to an app that uses this API to make it show this error message to a user here, but note that it doesn't exactly follow the example code above.
Better is somewhat subjective; both can get the job done. That said, as a relatively inexperienced programmer I prefer the Try / Except form.
For me, the T / E reminds me that requests don't always give you what you expect (in a way that if / else doesn't - but that could just be me).
raise_for_status() also lets you easily implement as many or as few different actions for the different error types (.HTTPError, .ConnectionError) as you need.
In my current project, I've settled on the form below, as I'm taking the same action regardless of cause, but am still interested to know the cause:
try:
...
except requests.exceptions.RequestException as e:
raise SystemExit(e) from None
Toy implementation:
import requests
def http_bin_repsonse(status_code):
sc = status_code
try:
url = "http://httpbin.org/status/" + str(sc)
response = requests.post(url)
response.raise_for_status()
p = response.content
except requests.exceptions.RequestException as e:
print("placeholder for save file / clean-up")
raise SystemExit(e) from None
return response, p
response, p = http_bin_repsonse(403)
print(response.status_code)
I am running the following:
import geopy
geolocator = geopy.geocoders.OpenMapQuest(api_key='my_key_here')
location1 = geolocator.geocode('Madrid')
where my_key_here is my consumer key for mapquest, and I get the following error:
GeocoderInsufficientPrivileges: HTTP Error 403: Forbidden
Not sure what I am doing wrong.
Thanks!
I've also tried the same with the same result. After checking the Library, I found out, that the error is referring to the line, where the request ist build and it seems, that the API Key is not transmitted. If you add no key in the init statement, the api_key='' so I tried to change the line 66 in my own Library of the file: https://github.com/geopy/geopy/blob/master/geopy/geocoders/openmapquest.py to my key.
Still no success! The key itself works, I've tested it with calling the URL that is also called in the Library:
http://open.mapquestapi.com/nominatim/v1/search.php?key="MY_KEY"&format=json&json_callback=renderBasicSearchNarrative&q=westminster+abbey
no idea why this isn't working…
Cheers.kg
I made slight progress with fixing this one. I was able to get the query written correctly, but its the json parsing that kind of have me stumped. Maybe someone knows. I know the url is being sent correctly (I checked it in the browser and it returned a json object). Maybe someone knows how to parse the returned json object to get it to finally work.
Anyways, I had to go in the openmapquest.py source code, and starting from line 66, I made the following modifications:
self.api_key = api_key
self.api = "http://www.mapquestapi.com/geocoding/v1/address?"
def geocode(self, query, exactly_one=True, timeout=None): # pylint: disable=W0221
"""
Geocode a location query.
:param string query: The address or query you wish to geocode.
:param bool exactly_one: Return one result or a list of results, if
available.
:param int timeout: Time, in seconds, to wait for the geocoding service
to respond before raising a :class:`geopy.exc.GeocoderTimedOut`
exception. Set this only if you wish to override, on this call
only, the value set during the geocoder's initialization.
.. versionadded:: 0.97
"""
params = {
'key': self.api_key,
'location': self.format_string % query
}
if exactly_one:
params['maxResults'] = 1
url = "&".join((self.api, urlencode(params)))
print url # Print the URL just to make sure it's produced correctly
Now the task remains to get the _parse_json function working.
I'm trying to create a simple flask application that takes a string from an iOS application and stores it in a local data base. I'm a bit confused whats happening in the return portion of the submitPost() function. I'm trying to return a dictionary that contains a BOOL that indicates whether the Post request executed fully. However, i'm not sure how to variate between returning a 0 or a 1.
//Function that handles the Post request
#app.route('/submitPost/', methods=['POST'])
def submitPost():
post = Post.from_json(request.json)
db.session.add(post)
db.session.commit()
return jsonify(post.to_json), {'Success': 1}
Try the below. This way if an exception is thrown when trying to insert data it will be caught and the transaction will be rolled back as well as a response being send back.
you could also replace the zero and one with True & False depending on your preference
Below code hasn't been tested
#app.route('/submitPost/', methods=['POST'])
def submitPost():
try:
post = Post.from_json(request.json)
db.session.add(post)
db.session.commit()
return jsonify({'Success': 1})
except Exception: # replace with a more meaningful exception
db.session.rollback()
return jsonify{'Failure': 0}
I know I'm probably doing something pretty stupid or small (I hope) but what I'm doing is passing suds an array of data but all I'm getting is this error.
suds.WebFault: Server raised fault: 'The formatter threw an exception while trying to deserialize the message: There was an error while trying to deserialize parameter http://tempuri.org/:tankLevelDataArray. The InnerException message was 'Error in line 1 position 407. Expecting state 'Element'.. Encountered 'Text' with name '', namespace ''. '. Please see InnerException for more details.'
No matter what I try my program will keep getting this issue, this is my code that I am currently using to pass it the array.
def PosEncodedTankData( Id, encodedTankData ):
global HOST2
global PORT2
global DATA
date = datetime.datetime.now()
#Setup Soap
client = Client(HOST2)
try:
#Send data
print (client)
tankLevelDataArray = client.factory.create('tankLevelDataArray')
tankLevelDataArray = np.array(sortData(DATA, 21, tankLevelDataArray))
client.service.PostTankDataArray (1, tankLevelDataArray)
print ("Message Recieved")
except TimeoutError:
print ("Message was not sent")
So when go through that method is just fails.. But I haven't been able to figure out what is happening.
I am passing a array of arrays.
Nevermind everyone, looks like the array needed was an array of TankLevelData and I was just giving it integers therefor causing my error. My bad.