google/clusterfuzz

AppEngine misbehaving in the authentication flow

vitorguidi opened this issue · 0 comments

Exception on / [GET]
Traceback (most recent call last):
  File "/srv/libs/auth.py", line 217, in decode_claims
    return auth.verify_session_cookie(session_cookie, check_revoked=True)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/layers/google.python.pip/pip/lib/python3.11/site-packages/firebase_admin/auth.py", line 275, in verify_session_cookie
    client._check_jwt_revoked_or_disabled(
  File "/layers/google.python.pip/pip/lib/python3.11/site-packages/firebase_admin/_auth_client.py", line 758, in _check_jwt_revoked_or_disabled
    raise exc_type('The Firebase {0} has been revoked.'.format(label))
firebase_admin._token_gen.RevokedSessionCookieError: The Firebase session cookie has been revoked.

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/srv/handlers/base_handler.py", line 278, in dispatch_request
    return super().dispatch_request(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/layers/google.python.pip/pip/lib/python3.11/site-packages/flask/views.py", line 188, in dispatch_request
    return current_app.ensure_sync(meth)(**kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/srv/libs/handler.py", line 384, in wrapper
    response = make_response(func(self, *args, **kwargs))
                             ^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/srv/handlers/testcase_list.py", line 185, in get
    result, params = get_result()
                     ^^^^^^^^^^^^
  File "/srv/handlers/testcase_list.py", line 119, in get_result
    crash_access.add_scope(query, params, 'security_flag', 'job_type',
  File "/srv/libs/crash_access.py", line 85, in add_scope
    scope = get_scope()
            ^^^^^^^^^^^
  File "/srv/libs/crash_access.py", line 51, in get_scope
    is_privileged = access.has_access(need_privileged_access=True)
                    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/srv/libs/access.py", line 81, in has_access
    result = get_access(
             ^^^^^^^^^^^
  File "/srv/libs/access.py", line 91, in get_access
    if auth.is_current_user_admin():
       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/srv/libs/auth.py", line 62, in is_current_user_admin
    user = get_current_user()
           ^^^^^^^^^^^^^^^^^^
  File "/srv/libs/auth.py", line 163, in get_current_user
    decoded_claims = decode_claims(get_session_cookie())
                     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/srv/libs/auth.py", line 218, in decode_claims
    except (ValueError, auth.AuthError):
                        ^^^^^^^^^^^^^^
AttributeError: module 'firebase_admin.auth' has no attribute 'AuthError'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/srv/libs/auth.py", line 217, in decode_claims
    return auth.verify_session_cookie(session_cookie, check_revoked=True)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/layers/google.python.pip/pip/lib/python3.11/site-packages/firebase_admin/auth.py", line 275, in verify_session_cookie
    client._check_jwt_revoked_or_disabled(
  File "/layers/google.python.pip/pip/lib/python3.11/site-packages/firebase_admin/_auth_client.py", line 758, in _check_jwt_revoked_or_disabled
    raise exc_type('The Firebase {0} has been revoked.'.format(label))
firebase_admin._token_gen.RevokedSessionCookieError: The Firebase session cookie has been revoked.

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/srv/handlers/base_handler.py", line 253, in handle_exception
    return self.render('error.html', values, status)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/srv/handlers/base_handler.py", line 197, in render
    if not auth.is_current_user_admin() else None)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/srv/libs/auth.py", line 62, in is_current_user_admin
    user = get_current_user()
           ^^^^^^^^^^^^^^^^^^
  File "/srv/libs/auth.py", line 163, in get_current_user
    decoded_claims = decode_claims(get_session_cookie())
                     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/srv/libs/auth.py", line 218, in decode_claims
    except (ValueError, auth.AuthError):
                        ^^^^^^^^^^^^^^
AttributeError: module 'firebase_admin.auth' has no attribute 'AuthError'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/srv/libs/auth.py", line 217, in decode_claims
    return auth.verify_session_cookie(session_cookie, check_revoked=True)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/layers/google.python.pip/pip/lib/python3.11/site-packages/firebase_admin/auth.py", line 275, in verify_session_cookie
    client._check_jwt_revoked_or_disabled(
  File "/layers/google.python.pip/pip/lib/python3.11/site-packages/firebase_admin/_auth_client.py", line 758, in _check_jwt_revoked_or_disabled
    raise exc_type('The Firebase {0} has been revoked.'.format(label))
firebase_admin._token_gen.RevokedSessionCookieError: The Firebase session cookie has been revoked.

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/layers/google.python.pip/pip/lib/python3.11/site-packages/flask/app.py", line 2525, in wsgi_app
    response = self.full_dispatch_request()
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/layers/google.python.pip/pip/lib/python3.11/site-packages/flask/app.py", line 1822, in full_dispatch_request
    rv = self.handle_user_exception(e)
         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/layers/google.python.pip/pip/lib/python3.11/site-packages/flask/app.py", line 1820, in full_dispatch_request
    rv = self.dispatch_request()
         ^^^^^^^^^^^^^^^^^^^^^^^
  File "/layers/google.python.pip/pip/lib/python3.11/site-packages/flask/app.py", line 1796, in dispatch_request
    return self.ensure_sync(self.view_functions[rule.endpoint])(**view_args)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/layers/google.python.pip/pip/lib/python3.11/site-packages/flask/views.py", line 107, in view
    return current_app.ensure_sync(self.dispatch_request)(**kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/srv/handlers/base_handler.py", line 280, in dispatch_request
    return self.handle_exception(exception)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/srv/handlers/base_handler.py", line 255, in handle_exception
    self.handle_exception_exception()
  File "/srv/handlers/base_handler.py", line 266, in handle_exception_exception
    return self.render('error.html', values, 500)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/srv/handlers/base_handler.py", line 197, in render
    if not auth.is_current_user_admin() else None)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/srv/libs/auth.py", line 62, in is_current_user_admin
    user = get_current_user()
           ^^^^^^^^^^^^^^^^^^
  File "/srv/libs/auth.py", line 163, in get_current_user
    decoded_claims = decode_claims(get_session_cookie())
                     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/srv/libs/auth.py", line 218, in decode_claims
    except (ValueError, auth.AuthError):
                        ^^^^^^^^^^^^^^
AttributeError: module 'firebase_admin.auth' has no attribute 'AuthError'

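This caused a 500 Internal Server Error page to show up. I managed to recover by clearing cookies/cache.

Reading the traceback: `decode_claims` (`/srv/libs/auth.py`, line 218) has `except (ValueError, auth.AuthError):`, but the installed `firebase_admin.auth` module has no `AuthError` attribute. Python builds that tuple when an exception reaches the handler, so any exception raised by `auth.verify_session_cookie(...)` turns into an `AttributeError`, and the `RevokedSessionCookieError` is never handled. `render('error.html', ...)` then calls `auth.is_current_user_admin()` again, so the error handlers fail the same way. The result is that a revoked session cookie produces a 500 on every request until the browser drops the cookie, instead of being handled by the `except` branch. The `except` clause needs to name exception types that exist in the installed SDK, for example `auth.RevokedSessionCookieError` or the `firebase_admin.exceptions.FirebaseError` base class.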