Allow both 400 and 401 for JWT expiry responses

alexcjohnson · alexcjohnson · commit e53bb8cdb4f8 · 2022-06-17T14:40:23.000-04:00
diff --git a/dash/dash-renderer/src/actions/api.js b/dash/dash-renderer/src/actions/api.js
@@ -65,7 +65,10 @@ export default function apiThunk(endpoint, method, store, id, body) {
                     return;
                 }
 
-                if (res.status === STATUS.UNAUTHORIZED) {
+                if (
+                    res.status === STATUS.UNAUTHORIZED ||
+                    res.status === STATUS.BAD_REQUEST
+                ) {
                     if (hooks.request_refresh_jwt) {
                         const body = await res.text();
                         if (body.includes(JWT_EXPIRED_MESSAGE)) {
diff --git a/dash/dash-renderer/src/actions/callbacks.ts b/dash/dash-renderer/src/actions/callbacks.ts
@@ -536,7 +536,8 @@ export function executeCallback(
                         lastError = res;
                         if (
                             retry <= MAX_AUTH_RETRIES &&
-                            res.status === STATUS.UNAUTHORIZED
+                            (res.status === STATUS.UNAUTHORIZED ||
+                                res.status === STATUS.BAD_REQUEST)
                         ) {
                             const body = await res.text();
 
diff --git a/dash/dash-renderer/src/constants/constants.js b/dash/dash-renderer/src/constants/constants.js
@@ -5,6 +5,10 @@ export const JWT_EXPIRED_MESSAGE = 'JWT Expired';
 export const STATUS = {
     OK: 200,
     PREVENT_UPDATE: 204,
+    // We accept both 400 and 401 for JWT token expiry responses.
+    // Some servers use code 400 for expired tokens, because
+    // they reserve 401 for cases that require user action
+    BAD_REQUEST: 400,
     UNAUTHORIZED: 401,
     CLIENTSIDE_ERROR: 'CLIENTSIDE_ERROR',
     NO_RESPONSE: 'NO_RESPONSE'
diff --git a/dash/development/base_component.py b/dash/development/base_component.py
@@ -196,7 +196,7 @@ def _set_random_id(self):
                 """
             )
 
-        v = str(uuid.UUID(int=rd.randint(0, 2 ** 128)))
+        v = str(uuid.UUID(int=rd.randint(0, 2**128)))
         setattr(self, "id", v)
         return v
 
diff --git a/tests/integration/renderer/test_request_hooks.py b/tests/integration/renderer/test_request_hooks.py
@@ -1,6 +1,7 @@
 import json
 import functools
 import flask
+import pytest
 
 from dash import Dash, Output, Input, html, dcc
 from werkzeug.exceptions import HTTPException
@@ -195,7 +196,8 @@ def update_output(value):
     assert dash_duo.get_logs() == []
 
 
-def test_rdrh003_refresh_jwt(dash_duo):
+@pytest.mark.parametrize("expiry_code", [401, 400])
+def test_rdrh003_refresh_jwt(expiry_code, dash_duo):
 
     app = Dash(__name__)
 
@@ -260,7 +262,7 @@ def wrap(*args, **kwargs):
                 ):
                     # Read the data to prevent bug with base http server.
                     flask.request.get_json(silent=True)
-                    flask.abort(401, description="JWT Expired " + str(token))
+                    flask.abort(expiry_code, description="JWT Expired " + str(token))
             except HTTPException as e:
                 return e
             return func(*args, **kwargs)

Original file line number	Diff line number	Diff line change
`@@ -196,7 +196,7 @@ def _set_random_id(self):`
`196`	`196`	`"""`
`197`	`197`	`)`
`198`	`198`
`199`		`- v = str(uuid.UUID(int=rd.randint(0, 2 ** 128)))`
	`199`	`+ v = str(uuid.UUID(int=rd.randint(0, 2**128)))`
`200`	`200`	`setattr(self, "id", v)`
`201`	`201`	`return v`
`202`	`202`