jscheffl commented on issue #59033:
URL: https://github.com/apache/airflow/issues/59033#issuecomment-3622473200

   As per devlist _technically_ all looks good, checked bugs but failed 
miserably in opening browser UI after fresh start with a browser and an 
expired/invalid JWT token, got an HTTP 500. Started via breeze with command:
   
   breeze start-airflow --python 3.12 --load-example-dags --backend postgres --executor EdgeExecutor --answer y --use-airflow-version 3.1.3 --use-distributions-from-dist
   
   And opening browser (as of breeze requiring a new session) expected a login 
page but received an "INTERNAL SERVER ERROR". Some fix in JWT token handling 
seems to generate an exception instead of forwarding to login page. In my view 
this is not acceptable as we must expect invalid sessions from users and need 
to redirect to login page. Exception seen in breeze tmux panel for API server:
   
   2025-12-07T15:56:23.562782Z [error    ] JWT token is not valid: Signature verification failed [airflow.api_fastapi.auth.managers.base_auth_manager] loc=base_auth_manager.py:107
   INFO:     172.18.0.1:34366 - "GET / HTTP/1.1" 500 Internal Server Error
   ERROR:    Exception in ASGI application
     + Exception Group Traceback (most recent call last):
     |   File "/usr/python/lib/python3.12/site-packages/starlette/_utils.py", line 79, in collapse_excgroups
     |     yield
     |   File "/usr/python/lib/python3.12/site-packages/starlette/middleware/base.py", line 183, in __call__
     |     async with anyio.create_task_group() as task_group:
     |                ^^^^^^^^^^^^^^^^^^^^^^^^^
     |   File "/usr/python/lib/python3.12/site-packages/anyio/_backends/_asyncio.py", line 783, in __aexit__
     |     raise BaseExceptionGroup(
     | ExceptionGroup: unhandled errors in a TaskGroup (1 sub-exception)
     +-+---------------- 1 ----------------
       | Traceback (most recent call last):
       |   File "/usr/python/lib/python3.12/site-packages/uvicorn/protocols/http/httptools_impl.py", line 409, in run_asgi
       |     result = await app(  # type: ignore[func-returns-value]
       |              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
       |   File "/usr/python/lib/python3.12/site-packages/fastapi/applications.py", line 1082, in __call__
       |     await super().__call__(scope, receive, send)
       |   File "/usr/python/lib/python3.12/site-packages/starlette/applications.py", line 113, in __call__
       |     await self.middleware_stack(scope, receive, send)
       |   File "/usr/python/lib/python3.12/site-packages/starlette/middleware/errors.py", line 186, in __call__
       |     raise exc
       |   File "/usr/python/lib/python3.12/site-packages/starlette/middleware/errors.py", line 164, in __call__
       |     await self.app(scope, receive, _send)
       |   File "/usr/python/lib/python3.12/site-packages/starlette/middleware/gzip.py", line 29, in __call__
       |     await responder(scope, receive, send)
       |   File "/usr/python/lib/python3.12/site-packages/starlette/middleware/gzip.py", line 130, in __call__
       |     await super().__call__(scope, receive, send)
       |   File "/usr/python/lib/python3.12/site-packages/starlette/middleware/gzip.py", line 46, in __call__
       |     await self.app(scope, receive, self.send_with_compression)
       |   File "/usr/python/lib/python3.12/site-packages/starlette/middleware/cors.py", line 85, in __call__
       |     await self.app(scope, receive, send)
       |   File "/usr/python/lib/python3.12/site-packages/starlette/middleware/base.py", line 182, in __call__
       |     with recv_stream, send_stream, collapse_excgroups():
       |                                    ^^^^^^^^^^^^^^^^^^^^
       |   File "/usr/python/lib/python3.12/contextlib.py", line 158, in __exit__
       |     self.gen.throw(value)
       |   File "/usr/python/lib/python3.12/site-packages/starlette/_utils.py", line 85, in collapse_excgroups
       |     raise exc
       |   File "/usr/python/lib/python3.12/site-packages/starlette/middleware/base.py", line 184, in __call__
       |     response = await self.dispatch_func(request, call_next)
       |                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
       |   File "/usr/python/lib/python3.12/site-packages/airflow/api_fastapi/auth/middlewares/refresh_token.py", line 45, in dispatch
       |     new_user = await self._refresh_user(current_token)
       |                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
       |   File "/usr/python/lib/python3.12/site-packages/airflow/api_fastapi/auth/middlewares/refresh_token.py", line 67, in _refresh_user
       |     user = await resolve_user_from_token(current_token)
       |            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
       |   File "/usr/python/lib/python3.12/site-packages/airflow/api_fastapi/core_api/security.py", line 103, in resolve_user_from_token
       |     raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="Invalid JWT token")
       | fastapi.exceptions.HTTPException: 403: Invalid JWT token
       +------------------------------------
   
   During handling of the above exception, another exception occurred:
   
   Traceback (most recent call last):
     File "/usr/python/lib/python3.12/site-packages/uvicorn/protocols/http/httptools_impl.py", line 409, in run_asgi
       result = await app(  # type: ignore[func-returns-value]
                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
     File "/usr/python/lib/python3.12/site-packages/fastapi/applications.py", line 1082, in __call__
       await super().__call__(scope, receive, send)
     File "/usr/python/lib/python3.12/site-packages/starlette/applications.py", line 113, in __call__
       await self.middleware_stack(scope, receive, send)
     File "/usr/python/lib/python3.12/site-packages/starlette/middleware/errors.py", line 186, in __call__
       raise exc
     File "/usr/python/lib/python3.12/site-packages/starlette/middleware/errors.py", line 164, in __call__
       await self.app(scope, receive, _send)
     File "/usr/python/lib/python3.12/site-packages/starlette/middleware/gzip.py", line 29, in __call__
       await responder(scope, receive, send)
     File "/usr/python/lib/python3.12/site-packages/starlette/middleware/gzip.py", line 130, in __call__
       await super().__call__(scope, receive, send)
     File "/usr/python/lib/python3.12/site-packages/starlette/middleware/gzip.py", line 46, in __call__
       await self.app(scope, receive, self.send_with_compression)
     File "/usr/python/lib/python3.12/site-packages/starlette/middleware/cors.py", line 85, in __call__
       await self.app(scope, receive, send)
     File "/usr/python/lib/python3.12/site-packages/starlette/middleware/base.py", line 182, in __call__
       with recv_stream, send_stream, collapse_excgroups():
                                      ^^^^^^^^^^^^^^^^^^^^
     File "/usr/python/lib/python3.12/contextlib.py", line 158, in __exit__
       self.gen.throw(value)
     File "/usr/python/lib/python3.12/site-packages/starlette/_utils.py", line 85, in collapse_excgroups
       raise exc
     File "/usr/python/lib/python3.12/site-packages/starlette/middleware/base.py", line 184, in __call__
       response = await self.dispatch_func(request, call_next)
                  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
     File "/usr/python/lib/python3.12/site-packages/airflow/api_fastapi/auth/middlewares/refresh_token.py", line 45, in dispatch
       new_user = await self._refresh_user(current_token)
                  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
     File "/usr/python/lib/python3.12/site-packages/airflow/api_fastapi/auth/middlewares/refresh_token.py", line 67, in _refresh_user
       user = await resolve_user_from_token(current_token)
              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
     File "/usr/python/lib/python3.12/site-packages/airflow/api_fastapi/core_api/security.py", line 103, in resolve_user_from_token
       raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="Invalid JWT token")
   fastapi.exceptions.HTTPException: 403: Invalid JWT token
   
   Clearing all local browser session tokens helped, though, but this we cannot 
release.
   
   
   How to reproduce:
   
   Start Airflow via breeze as described above
   
   Log in (either with a fresh browser or clear the cookies/storages and log in)
   
   Stop Airflow and run "breeze down"
   
   Start Airflow again and attempt to open a page. Will raise 500 INTERNAL 
SERVER ERROR
   
   Tested both with Firefox and Chromium on Ubuntu Linux
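
The behaviour the comment above asks for, as an added example that is not Airflow's code and not part of the original comment: a stdlib-only, pure-ASGI middleware that treats a failed signature check as an expected condition, expires the stale cookie and redirects to login instead of letting the exception escape as a 500. `SessionMiddleware`, `session_token`, `/login` and the HMAC token format are assumptions made for illustration.

```python
import asyncio, hashlib, hmac
from http.cookies import SimpleCookie

LOGIN_PATH, COOKIE = "/login", "session_token"  # hypothetical names

class InvalidToken(Exception):
    """Token is missing, malformed, or signed with a different key."""

def sign(user, key):
    return f"{user}.{hmac.new(key, user.encode(), hashlib.sha256).hexdigest()}"

def verify(token, key):
    user = token.rpartition(".")[0]
    if not user or not hmac.compare_digest(token.encode(), sign(user, key).encode()):
        raise InvalidToken("Signature verification failed")
    return user

def read_cookie(scope):
    raw = dict(scope["headers"]).get(b"cookie", b"").decode("latin-1")
    jar = SimpleCookie(raw)
    return jar[COOKIE].value if COOKIE in jar else ""

class SessionMiddleware:
    def __init__(self, app, key):
        self.app, self.key = app, key

    async def __call__(self, scope, receive, send):
        if scope["type"] == "http" and scope["path"] != LOGIN_PATH:
            try:
                scope["user"] = verify(read_cookie(scope), self.key)
            except InvalidToken:
                # Expected condition: expire the cookie and redirect to login.
                headers = [(b"location", LOGIN_PATH.encode()),
                           (b"set-cookie", f"{COOKIE}=; Max-Age=0; Path=/".encode())]
                await send({"type": "http.response.start", "status": 302, "headers": headers})
                return await send({"type": "http.response.body", "body": b""})
        await self.app(scope, receive, send)

async def page(scope, receive, send):  # stand-in for the protected UI
    await send({"type": "http.response.start", "status": 200, "headers": []})
    await send({"type": "http.response.body", "body": scope["user"].encode()})

def get(app, cookie=""):  # drive one GET / through the app
    sent = []
    async def send(message):
        sent.append(message)
    scope = {"type": "http", "path": "/", "headers": [(b"cookie", cookie.encode())]}
    asyncio.run(app(scope, None, send))
    return sent[0]["status"], dict(sent[0]["headers"])
```

Expiring the cookie in the redirect response matters: without it the browser replays the same invalid token on the next request.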
   

