Can't nadle JWT::DecodeError exception on Rails 7

Question

Can't nadle JWT::DecodeError exception on Rails 7

coins-black opened this issue 2 years ago · comments

Coins.Black Cryptocurrency Exchanger commented 2 years ago

Hi guys!

I'm using Rails 7 App and want to handle JWT::DecodeError. In my app/controllers/application_controller.rb i wrote:

   rescue_from JWT::DecodeError do |jwt_exception|
	render_error 	message: 'jwt error', 
			http_status: 	:bad_request, 
			error_code: 	'100011'
  end

but still have this in response:

{
  "status": 500,
  "error": "Internal Server Error",
  "exception": "#<JWT::DecodeError: Invalid segment encoding>",
  "traces": { ...

Can anybody help, why exceptions as ActionController::UnknownFormat, ActionDispatch::Http::Parameters::ParseError, and other handles well, but JWT::DecodeError doesn't. Thanks!

Marc Busqué · Answer 1 · Fri Jan 14 2022 13:42:16 GMT+0800 (China Standard Time)

Probably that's because the exception is raised in a Rack middleware before reaching the Rails stack. You can try to debug your issue around this line:

https://github.com/waiting-for-dev/warden-jwt_auth/blob/09c78d747cab802180e4d93a14cc33cf313e27d0/lib/warden/jwt_auth/strategy.rb#L20.

Tobiasz Pauter · Answer 2 · Sat Jan 15 2022 02:13:30 GMT+0800 (China Standard Time)

I've got the same problem on Rails 6.1.4

Coins.Black Cryptocurrency Exchanger · Answer 3 · Mon Jan 17 2022 22:21:27 GMT+0800 (China Standard Time)

solved by adding custom middleware
thanks

Tobiasz Pauter · Answer 4 · Tue Jan 18 2022 00:40:29 GMT+0800 (China Standard Time)

@coins-black Could you share your solution?

Coins.Black Cryptocurrency Exchanger · Answer 5 · Tue Jan 18 2022 22:07:11 GMT+0800 (China Standard Time)

@coins-black Could you share your solution?

Rails 7.0.0

lib/middleware/catch_rack_errors.rb

module Middleware
  class CatchRackErrors

    def initialize(app)
      @app = app
    end         # def initialize


    def call(env)

      begin

        @app.call(env)

      rescue JWT::DecodeError => e

        return [
          401, 
          { "Content-Type" => "application/json" },
          [ 
            { 
              message: 'JWT token is invalid or expired',
              error_code: '100011'
            }.to_json 
          ]
        ]

      end       # rescue

    end         # def call

  end           # class
end             # module

config/application.rb

module AppName
  class Application < Rails::Application
    ...
    # Load my own middleware
    Dir[Rails.root.join('lib', 'middleware', '*.{rb}')].each { |file| require file }

    # Add own middleware for catching errors
    config.middleware.use Middleware::CatchRackErrors
    ...

Cezinha Anjos · Answer 6 · Thu Mar 17 2022 21:19:46 GMT+0800 (China Standard Time)

I had the same problem and this solution worked for me.

It seems that it is a common problem. Dou you think this solution could be provided natively by devise-jwt? Does it make sense?

Marc Busqué · Answer 7 · Thu Mar 17 2022 21:30:55 GMT+0800 (China Standard Time)

Does anybody know what has changed between Rails 6 & 7 for it now be an issue?

Cezinha Anjos · Answer 8 · Fri Mar 18 2022 01:09:58 GMT+0800 (China Standard Time)

Actually I'm not sure if it was introduced recently because I'm using Rails 6 before having devise-jwt. I'm sorry. 😕