Bug #6861


Double exception on incomplete authorisation information

Added by Pavel Kácha over 3 years ago. Updated over 3 years ago.

Target version:
Start date:
Due date:
% Done:


Estimated time:
To be discussed:


When Mentat does not get identity field, it throws up exceptions - which throws another.

Throwing exception is not itself wrong, throwing another based on the same reason from the handler is.

However, the problem might be legitimate (identity provider not sending attributes), so user should probably be somehow informed, instead of getting generic 500 page.

Also, exception handler should log some relevant info (obtained auth data or so) for admin debugging.

(Setting priority to low, as it is now mitigated by Shibboleth configuration on server, however we should look into it eventually.)

Message type: CRITICAL
Location:     /var/mentat/venv/lib/python3.7/site-packages/vial/
Module:       app
Function:     eh_internal_server_error
Time:         2020-12-04 10:40:28,374



Request: /auth_env/register?
Traceback (most recent call last):
  File "/var/mentat/venv/lib/python3.7/site-packages/hawat/blueprints/auth_env/", line 179, in get_item
    return self.get_user_from_env()
  File "/var/mentat/venv/lib/python3.7/site-packages/hawat/blueprints/auth_env/", line 126, in get_user_from_env
    gettext("Unable to retrieve account login from your authentication provider.")
hawat.blueprints.auth_env.RegistrationException: Nelze získat uživatelské jméno od Vašeho poskytovatele identity.

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/var/mentat/venv/lib/python3.7/site-packages/flask/", line 1949, in full_dispatch_request
    rv = self.dispatch_request()
  File "/var/mentat/venv/lib/python3.7/site-packages/flask/", line 1935, in dispatch_request
    return self.view_functions[rule.endpoint](**req.view_args)
  File "/var/mentat/venv/lib/python3.7/site-packages/flask/", line 89, in view
    return self.dispatch_request(*args, **kwargs)
  File "/var/mentat/venv/lib/python3.7/site-packages/vial/blueprints/auth_env/", line 251, in dispatch_request
    return super().dispatch_request()
  File "/var/mentat/venv/lib/python3.7/site-packages/vial/view/", line 1622, in dispatch_request
    item = self.get_item()
  File "/var/mentat/venv/lib/python3.7/site-packages/hawat/blueprints/auth_env/", line 181, in get_item
    self.abort(500, exc)
  File "/var/mentat/venv/lib/python3.7/site-packages/vial/view/", line 60, in abort
    flask.abort(status_code, message)
  File "/var/mentat/venv/lib/python3.7/site-packages/werkzeug/", line 772, in abort
    return _aborter(status, *args, **kwargs)
  File "/var/mentat/venv/lib/python3.7/site-packages/werkzeug/", line 753, in __call__
    raise self.mapping[code](*args, **kwargs)
werkzeug.exceptions.InternalServerError: 500 Internal Server Error: Nelze získat uživatelské jméno od Vašeho poskytovatele identity.

Actions #1

Updated by Pavel Kácha over 3 years ago

  • To be discussed changed from No to Yes
Actions #2

Updated by Pavel Kácha over 3 years ago

  • To be discussed deleted (Yes)

After discussion 2021-01-11:

  • rewrapped exception might be on purpose - would need to look into it if it's really necessary globally (not just in auth module)
  • user does actually not need not to be informed much more apart from that error occured - admins knows it happended because it's mailed to him and has to look into it anyway. So no change in presentation necessary.
  • However, exceptions, which leave app, should be logged with some more relevant info for debugging: session, cookie, request, user, environment. Flask might have some tools to help with this (something akin to cgitb).

Mek: handlers setting is in _setup_app_core - lib/vial/


Also available in: Atom PDF