From 9baf702f05518f56ac40b5b8cd700768e92a9dc9 Mon Sep 17 00:00:00 2001 From: pk-zipstack Date: Mon, 20 Jan 2025 16:39:31 +0530 Subject: [PATCH 1/3] Fixed invalid api key format raising 500 --- backend/api_v2/api_key_validator.py | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/backend/api_v2/api_key_validator.py b/backend/api_v2/api_key_validator.py index 9a59bb8cb..890d13cf2 100644 --- a/backend/api_v2/api_key_validator.py +++ b/backend/api_v2/api_key_validator.py @@ -1,7 +1,9 @@ import logging +import uuid from functools import wraps from typing import Any +from account_v2.exceptions import BadRequestException from api_v2.exceptions import Forbidden from rest_framework.request import Request @@ -39,6 +41,8 @@ def wrapper(self: Any, request: Request, *args: Any, **kwargs: Any) -> Any: api_key = authorization_header.split(" ")[1] if not api_key: raise Forbidden("Missing api key") + if not cls.is_valid_uuid(api_key): + raise BadRequestException("Invalid API key format. Expected a UUID.") cls.validate_parameters(request, **kwargs) return cls.validate_and_process( self, request, func, *args, **kwargs, api_key=api_key @@ -58,3 +62,19 @@ def validate_and_process( """Process and validate API key with specific logic required by subclasses.""" pass + + @staticmethod + def is_valid_uuid(api_key: str) -> bool: + """Check if a given string is a valid UUID. + + Args: + api_key (str): The API key to validate + + Returns: + bool: True if valid UUID, False otherwise + """ + try: + uuid.UUID(api_key) + return True + except ValueError: + return False From 3e6db82b8d19d6f8af23bd82ac22f203e2087f22 Mon Sep 17 00:00:00 2001 From: pk-zipstack Date: Tue, 21 Jan 2025 13:53:33 +0530 Subject: [PATCH 2/3] Modified the validate_api_key method to capture validation error and raise a UnauthorizedKey() error --- backend/api_v2/api_key_validator.py | 22 +--------------------- backend/api_v2/key_helper.py | 3 ++- 2 files changed, 3 insertions(+), 22 deletions(-) 
diff --git a/backend/api_v2/api_key_validator.py b/backend/api_v2/api_key_validator.py index 890d13cf2..5c887c725 100644 --- a/backend/api_v2/api_key_validator.py +++ b/backend/api_v2/api_key_validator.py @@ -1,9 +1,7 @@ import logging -import uuid from functools import wraps from typing import Any -from account_v2.exceptions import BadRequestException from api_v2.exceptions import Forbidden from rest_framework.request import Request @@ -41,8 +39,6 @@ def wrapper(self: Any, request: Request, *args: Any, **kwargs: Any) -> Any: api_key = authorization_header.split(" ")[1] if not api_key: raise Forbidden("Missing api key") - if not cls.is_valid_uuid(api_key): - raise BadRequestException("Invalid API key format. Expected a UUID.") cls.validate_parameters(request, **kwargs) return cls.validate_and_process( self, request, func, *args, **kwargs, api_key=api_key @@ -61,20 +57,4 @@ def validate_and_process( ) -> Any: """Process and validate API key with specific logic required by subclasses.""" - pass - - @staticmethod - def is_valid_uuid(api_key: str) -> bool: - """Check if a given string is a valid UUID. - - Args: - api_key (str): The API key to validate - - Returns: - bool: True if valid UUID, False otherwise - """ - try: - uuid.UUID(api_key) - return True - except ValueError: - return False + pass \ No newline at end of file diff --git a/backend/api_v2/key_helper.py b/backend/api_v2/key_helper.py index 2ff10654c..19aee1aaa 100644 --- a/backend/api_v2/key_helper.py +++ b/backend/api_v2/key_helper.py @@ -2,6 +2,7 @@ from typing import Union from api_v2.exceptions import UnauthorizedKey +from django.core.exceptions import ValidationError from api_v2.models import APIDeployment, APIKey from api_v2.serializers import APIKeySerializer from pipeline_v2.models import Pipeline 
@@ -29,7 +30,7 @@ def validate_api_key( api_key_instance: APIKey = APIKey.objects.get(api_key=api_key) if not KeyHelper.has_access(api_key_instance, instance): raise UnauthorizedKey() - except APIKey.DoesNotExist: + except (APIKey.DoesNotExist, ValidationError): raise UnauthorizedKey() @staticmethod From b4a18c10cf6e48fe433a0f441efce22c7f769741 Mon Sep 17 00:00:00 2001 From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Tue, 21 Jan 2025 08:25:01 +0000 Subject: [PATCH 3/3] [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci --- backend/api_v2/api_key_validator.py | 2 +- backend/api_v2/key_helper.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/backend/api_v2/api_key_validator.py b/backend/api_v2/api_key_validator.py index 5c887c725..9a59bb8cb 100644 --- a/backend/api_v2/api_key_validator.py +++ b/backend/api_v2/api_key_validator.py @@ -57,4 +57,4 @@ def validate_and_process( ) -> Any: """Process and validate API key with specific logic required by subclasses.""" - pass \ No newline at end of file + pass diff --git a/backend/api_v2/key_helper.py b/backend/api_v2/key_helper.py index 19aee1aaa..22421ff86 100644 --- a/backend/api_v2/key_helper.py +++ b/backend/api_v2/key_helper.py @@ -2,9 +2,9 @@ from typing import Union from api_v2.exceptions import UnauthorizedKey -from django.core.exceptions import ValidationError from api_v2.models import APIDeployment, APIKey from api_v2.serializers import APIKeySerializer +from django.core.exceptions import ValidationError from pipeline_v2.models import Pipeline from rest_framework.request import Request from workflow_manager.workflow_v2.workflow_helper import WorkflowHelper
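Review bot: In the `validate_api_key` hunk of `backend/api_v2/key_helper.py` (patch 2/3), the `try` still covers both `APIKey.objects.get(api_key=api_key)` and the `KeyHelper.has_access(...)` check, so with `ValidationError` added to the `except` tuple, a `ValidationError` raised during the access check would also become `UnauthorizedKey()`, not only a malformed key. Keeping only the lookup inside the `try` and moving `if not KeyHelper.has_access(api_key_instance, instance): raise UnauthorizedKey()` after it would limit the catch to the case the commit targets. A short comment on the handler would help, e.g. `# Malformed key (presumably rejected by the UUID field) gets the same response as an unknown key`, because answering both cases identically keeps the endpoint from revealing the expected key format. Since malformed keys no longer surface as a 500, consider logging the rejection without the key value so repeated bad-key attempts stay visible. The function starts above the hunk, so its signature and any earlier handling are not visible here.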