cd34/apex

Facebook auth gives KeyError

Closed this issue · 3 comments

Hi,

I've tried to set up the example app, simply adding some properly set up Facebook API credentials to the config yaml file. But authentication fails (actually, it might happen that authentication was successful, as the resulting view is not shown).

URL: http://localhost:6543/auth/apex_callback?csrf_token=b7727b98b2eecdd7d4b9bb53ec9e6aeac744527b&came_from=http://localhost:6543/protected
File '/home/akasha/.virtualenvs/pyramid/local/lib/python2.7/site-packages/WebError-0.10.3-py2.7.egg/weberror/evalexception.py', line 431 in respond
  app_iter = self.application(environ, detect_start_response)
File '/home/akasha/.virtualenvs/pyramid/local/lib/python2.7/site-packages/repoze.tm2-1.0b2-py2.7.egg/repoze/tm/__init__.py', line 24 in __call__
  result = self.application(environ, save_status_and_headers)
File '/home/akasha/.virtualenvs/pyramid/local/lib/python2.7/site-packages/pyramid-1.2a3-py2.7.egg/pyramid/router.py', line 176 in __call__
  response = self.handle_request(request)
File '/home/akasha/.virtualenvs/pyramid/local/lib/python2.7/site-packages/pyramid-1.2a3-py2.7.egg/pyramid/tweens.py', line 34 in excview_tween
  response = view_callable(exc, request)
File '/home/akasha/.virtualenvs/pyramid/local/lib/python2.7/site-packages/pyramid-1.2a3-py2.7.egg/pyramid/config/views.py', line 319 in viewresult_to_response
  result = view(context, request)
File '/home/akasha/.virtualenvs/pyramid/local/lib/python2.7/site-packages/pyramid-1.2a3-py2.7.egg/pyramid/config/views.py', line 402 in _requestonly_view
  response = view(request)
File '/home/akasha/versioning/git/pyramid_apex/apex/views.py', line 352 in forbidden
  return Response(request.environ['repoze.bfg.message'])
KeyError: 'repoze.bfg.message'
cd34 commented

That error is thrown due to the forbidden handler which suggests something with Facebook failed, and, the environment that pyramid passes is missing that key. Perhaps that key was removed in Pyramid - I'll take a look at that.

The second question is, why did the forbidden handler get called. The two things that typically cause it are an invalid or missing csrf_token, which appears to be present, and a beaker session with an improper domain name (isn't localhost), as the callback shouldn't be getting a Forbidden.

I'll patch this, but, would like a little more information so I can duplicate the problem and fix it, rather than hiding the error.

cd34 commented

It appears that Pyramid 1.2a3 changed the environment when a Forbidden exception is generated. I suspect the issue you're running into is csrf validation as I just did a clean installation and tested Facebook and I'm not able to generate that message unless I alter the csrf key.

When you visit a protected area, the exception still includes the environment variable 'bfg.routes.route', but, is now missing 'repoze.bfg.message'.

Temporarily I've pushed a fix, but, I'm not satisfied with the solution.
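As an added example (not Apex's or Pyramid's own code), here is the shape of a forbidden handler that does not raise KeyError when `repoze.bfg.message` is absent, plus the constant-time csrf_token comparison the thread points at as the usual cause of the Forbidden. It is written in plain Python so it runs without Pyramid; the `detail` attribute on the exception and the session/request key names are assumptions for this illustration.

```python
import hmac

# Constructed sample environ, as a Pyramid 1.2 Forbidden would pass it
# (the 'repoze.bfg.message' key is missing, as observed in the thread).
SAMPLE_ENVIRON = {
    "bfg.routes.route": "apex_callback",
    "PATH_INFO": "/auth/apex_callback",
}


def forbidden_message(environ, exc=None, default="Forbidden"):
    """Message a forbidden view should render, never raising KeyError.

    Preference order: the exception's own detail (assumed attribute name),
    then the legacy 'repoze.bfg.message' environ key, then a default.
    """
    detail = getattr(exc, "detail", None)
    if detail:
        return str(detail)
    # .get() instead of [] is the actual fix for the traceback in this issue.
    return environ.get("repoze.bfg.message") or default


def csrf_ok(session_token, request_token):
    """Constant-time csrf_token check; missing values are a mismatch."""
    if not session_token or not request_token:
        return False
    return hmac.compare_digest(str(session_token), str(request_token))


def handle_callback(session, params, environ):
    """Return ('ok', came_from) or ('forbidden', message) for the callback.

    `session` stands in for the beaker session, `params` for the query string.
    """
    if not csrf_ok(session.get("csrf_token"), params.get("csrf_token")):
        # A bad/missing token is what sends the user to the forbidden view.
        return ("forbidden", forbidden_message(environ, default="Invalid CSRF token"))
    return ("ok", params.get("came_from", "/"))


if __name__ == "__main__":
    tok = "b7727b98b2eecdd7d4b9bb53ec9e6aeac744527b"
    print(handle_callback({"csrf_token": tok}, {"csrf_token": tok, "came_from": "/protected"}, SAMPLE_ENVIRON))
    print(handle_callback({}, {"csrf_token": tok}, SAMPLE_ENVIRON))
```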

cd34 commented

I'm still unable to duplicate this and have used Apex for a number of production projects.

My guess is that the error received was from a bad CSRF which forced the login again. If you can provide me with a minimal test case/configuration that duplicates the error, I'd be more than happy to figure out what went wrong.

I'm going to close it for now as a considerable amount has changed since the ticket was opened, and, it is possible that the issue was fixed along the way as well.