Part 4: Exception Handling
Howdy! In the previous Part of the series, we learned how we can add authentication
and authorization
. In this part, we are going to learn how we can make our flask application more resilient to errors, and how to send a proper error message to the client.
When something goes wrong in a computer program, the program throws a specific Exception
giving some hint to the user what went wrong. In our application when something goes wrong e.g user tries to create another account with the already used email address, they get an Internal Server Error
and the client has no idea what they did wrong. So, to solve such issues we are going to use Exception Handling
to catch such exceptions and send a proper error message to the client indicating what went wrong.
We are going to use a really useful feature of flask-restful
which lets us define Custom Error Messages.
Let's create a new file errors.py
inside the resources
folder and add the following code:
cd resources
touch errors.py
#~/movie-bag/resources/errors.py
class InternalServerError(Exception):
pass
class SchemaValidationError(Exception):
pass
class MovieAlreadyExistsError(Exception):
pass
class UpdatingMovieError(Exception):
pass
class DeletingMovieError(Exception):
pass
class MovieNotExistsError(Exception):
pass
class EmailAlreadyExistsError(Exception):
pass
class UnauthorizedError(Exception):
pass
errors = {
"InternalServerError": {
"message": "Something went wrong",
"status": 500
},
"SchemaValidationError": {
"message": "Request is missing required fields",
"status": 400
},
"MovieAlreadyExistsError": {
"message": "Movie with given name already exists",
"status": 400
},
"UpdatingMovieError": {
"message": "Updating movie added by other is forbidden",
"status": 403
},
"DeletingMovieError": {
"message": "Deleting movie added by other is forbidden",
"status": 403
},
"MovieNotExistsError": {
"message": "Movie with given id doesn't exists",
"status": 400
},
"EmailAlreadyExistsError": {
"message": "User with given email address already exists",
"status": 400
},
"UnauthorizedError": {
"message": "Invalid username or password",
"status": 401
}
}
As you can see first we have extended the Exception
class to create different custom exceptions and then we created an errors
dictionary, which contains the error message and status codes for each exception. Now, we need to add these errors to the flask-restful
Api
class.
Update app.py
to import recently created errors
dictionary and add this as a parameter to Api
class.
#~/movie-bag/app.py
from database.db import initialize_db
from flask_restful import Api
from resources.routes import initialize_routes
+from resources.errors import errors
app = Flask(__name__)
app.config.from_envvar('ENV_FILE_LOCATION')
-api = Api(app)
+api = Api(app, errors=errors)
bcrypt = Bcrypt(app)
jwt = JWTManager(app)
Finally, we are ready to perform some exception handling in our application. Update movie.py
view functions according to the following:
#~/movie-bag/resources/movie.py
from flask import Response, request
from database.models import Movie, User
from flask_jwt_extended import jwt_required, get_jwt_identity
from flask_restful import Resource
+
+from mongoengine.errors import FieldDoesNotExist, \
+NotUniqueError, DoesNotExist, ValidationError, InvalidQueryError
+
+from resources.errors import SchemaValidationError, +MovieAlreadyExistsError, \
+InternalServerError, UpdatingMovieError, DeletingMovieError, +MovieNotExistsError
+
class MoviesApi(Resource):
def get(self):
@@ -11,32 +15,57 @@ class MoviesApi(Resource):
@jwt_required
def post(self):
- user_id = get_jwt_identity()
- body = request.get_json()
- user = User.objects.get(id=user_id)
- movie = Movie(**body, added_by=user)
- movie.save()
- user.update(push__movies=movie)
- user.save()
- id = movie.id
- return {'id': str(id)}, 200
-
+ try:
+ user_id = get_jwt_identity()
+ body = request.get_json()
+ user = User.objects.get(id=user_id)
+ movie = Movie(**body, added_by=user)
+ movie.save()
+ user.update(push__movies=movie)
+ user.save()
+ id = movie.id
+ return {'id': str(id)}, 200
+ except (FieldDoesNotExist, ValidationError):
+ raise SchemaValidationError
+ except NotUniqueError:
+ raise MovieAlreadyExistsError
+ except Exception as e:
+ raise InternalServerError
+
+
class MovieApi(Resource):
@jwt_required
def put(self, id):
- user_id = get_jwt_identity()
- movie = Movie.objects.get(id=id, added_by=user_id)
- body = request.get_json()
- Movie.objects.get(id=id).update(**body)
- return '', 200
+ try:
+ user_id = get_jwt_identity()
+ movie = Movie.objects.get(id=id, added_by=user_id)
+ body = request.get_json()
+ Movie.objects.get(id=id).update(**body)
+ return '', 200
+ except InvalidQueryError:
+ raise SchemaValidationError
+ except DoesNotExist:
+ raise UpdatingMovieError
+ except Exception:
+ raise InternalServerError
@jwt_required
def delete(self, id):
- user_id = get_jwt_identity()
- movie = Movie.objects.get(id=id, added_by=user_id)
- movie.delete()
- return '', 200
+ try:
+ user_id = get_jwt_identity()
+ movie = Movie.objects.get(id=id, added_by=user_id)
+ movie.delete()
+ return '', 200
+ except DoesNotExist:
+ raise DeletingMovieError
+ except Exception:
+ raise InternalServerError
def get(self, id):
- movies = Movie.objects.get(id=id).to_json()
- return Response(movies, mimetype="application/json", status=200)
+ try:
+ movies = Movie.objects.get(id=id).to_json()
+ return Response(movies, mimetype="application/json", status=200)
+ except DoesNotExist:
+ raise MovieNotExistsError
+ except Exception:
+ raise InternalServerError
Let's see the example of post
method in MoviesApi
class:
def post(self):
try:
user_id = get_jwt_identity()
body = request.get_json()
user = User.objects.get(id=user_id)
movie = Movie(**body, added_by=user)
movie.save()
user.update(push__movies=movie)
user.save()
id = movie.id
return {'id': str(id)}, 200
except (FieldDoesNotExist, ValidationError):
raise SchemaValidationError
except NotUniqueError:
raise MovieAlreadyExistsError
except Exception as e:
raise InternalServerError
Here you can see we have wrapped the whole view opetations in try...except
block. We have performed an exception chaining, so that when we get any exception we throw the exception which we have defined in errors.py
and flask-restful
generates a response based on the values we defined in errors
dictionary.
When there is FieldDoesNotExist
exception or ValidationError
exception from mongoengine
we raise SchemaValidationError
exception which tells the client that their request JSON is invalid. Similarly, when a user tries to create a movie with the name which already exists mongoengine
throws NotUniqueError
exception and by catching that exception we raise MovieAlreadyExistsError
which tells the user that the movie name already exists.
And lastly, if we get an exception that we have not expected then we throw an InternalServerError
.
Let's add similar exception handling to our auth.py
#~/movie-bag/resources/auth.py
from database.models import User
from flask_restful import Resource
import datetime
+from mongoengine.errors import FieldDoesNotExist, NotUniqueError, DoesNotExist
+from resources.errors import SchemaValidationError, EmailAlreadyExistsError, UnauthorizedError, \
+InternalServerError
class SignupApi(Resource):
def post(self):
- body = request.get_json()
- user = User(**body)
- user.hash_password()
- user.save()
- id = user.id
- return {'id': str(id)}, 200
+ try:
+ body = request.get_json()
+ user = User(**body)
+ user.hash_password()
+ user.save()
+ id = user.id
+ return {'id': str(id)}, 200
+ except FieldDoesNotExist:
+ raise SchemaValidationError
+ except NotUniqueError:
+ raise EmailAlreadyExistsError
+ except Exception as e:
+ raise InternalServerError
class LoginApi(Resource):
def post(self):
- body = request.get_json()
- user = User.objects.get(email=body.get('email'))
- authorized = user.check_password(body.get('password'))
- if not authorized:
- return {'error': 'Email or password invalid'}, 401
- expires = datetime.timedelta(days=7)
- access_token = create_access_token(identity=str(user.id), expires_delta=expires)
- return {'token': access_token}, 200
+ try:
+ body = request.get_json()
+ user = User.objects.get(email=body.get('email'))
+ authorized = user.check_password(body.get('password'))
+ if not authorized:
+ raise UnauthorizedError
+
+ expires = datetime.timedelta(days=7)
+ access_token = create_access_token(identity=str(user.id), expires_delta=expires)
+ return {'token': access_token}, 200
+ except (UnauthorizedError, DoesNotExist):
+ raise UnauthorizedError
+ except Exception as e:
+ raise InternalServerError
That's it, people. Now, when there is an error in our application we get a proper error message with relevant status code.
Let's try creating a user with /api/auth/signup
with any email address, let's say testemail@gmail.com
. Now again try to create another user with the same email address. We get a response like this:
{
"message": "User with given email address already exists",
"status": 400
}
Now, the user of our application can easily know what went wrong.
You can find the complete code of this part here
What we learned from this part of the series?
- How to handle exceptions in our flask application using exception chaining.
- How to send the error message and status code based on the exception occurred.
In the next part of the series, we are going to learn how to perform a password reset in our application.
Until then happy coding 😊
Top comments (15)
very good article! thanks
please update the above link, you current references a 404 this is the new link:
flask-restful.readthedocs.io/en/la...
a minor addition:
in the new docs its says:
"Note: Custom Exceptions must have HTTPException as the base Exception."
if i do change the errors in the dictionary to extends HTTPException instead of Exception i get:
otherwise its an http 500 error and the flask debugging views ( html)
Thanks
[UPDATE]: I've found another working workaround (I think you too ;) ) : github.com/vimalloc/flask-jwt-exte...
Very nice article series! Thanks a lot for the great stuff!
One question: have you tried accessing the protected endpoints without passing the Authorization header? According to my test, it will throw a 500 instead of expected 401. It seems that the error handling framework could not catch the internal NoAuthorizationError from jwt_extended properly.
I tried one suggestion from github.com/flask-restful/flask-res... . However, it will make the situation even worse: NoAuthorizationError can be properly returned, but all other self-defined errors could not be caught. Do you have a better solution to that?
Haha glad that you found it ;) I asked the question there while writing the article and got the answer back after I have published the article.
Thanks for editing your comment to help others :)
Great Tutorials, thanks.
This exceptions didn't work to me, until i replaced "Exception" with "HTTPException".
maybe there was a change ....
see here the last line in the page:
flask-restful.readthedocs.io/en/la...
following the code the error was raised but did not get the friendly json message.. what is wrong?
I was having that trouble but if you turn debug off i.e. app.run() rather than app.run(debug=True)
it works for me
Please have a look at the GitHub link and see if you missed anything.
If it doesn't work out please let me know what you tried, and where the error occurred.
Hi. Great articles. Cant wait till you make a frontend implementation series (as promised in ;) )
How come you havn't made a "ExpiredTokenError" in errors.py when it's raised in reset_password.py?
Oh yeah, I forgot about that promise ;)
Hopefully, I can start the frontend series soon. Before that, I want to make some improvements to this backend like adding images.
About
ExpiredTokenError
that's a mistake, I should add ExpiredTokenError in errors.py as well.Hi Paurakh,
How to import in case of 2 different error modules, for example
resource_errors and user_errors?
I tried as below but its not working
from resources.errors import resource_errors
from user.errors import user_errors
api = Api(app, errors={'user_errors':user_errors, 'resource_errors':resource_errors})
Will be great if you can suggest me what i am doing wrong?
I Found a solution,
the parameter error accepts only dictionary, so merge the different error dictionary into one and then pass that dictionary
example:
collective_errors = {**user_errors, **resource_errors}
api = Api(app, errors=collective_errors)
Hey Paurakh Sharma Humagain I've been getting this error (TypeError: init() takes 1 positional argument but 2 were given) more often on the ListField as well as the ReferenceField. Please help me out How can i go past this error?
Great implementation!
One quick note, you can avoid handling your exceptions with try-catch by extending the HTTPException class.
FlaskRESTful will handle these exceptions for you.
Secondly, you can avoid defining a 'pass' in error classes like InternalServerError, seeing the it already exists in Werkzeug.
FlaskRESTful will access your errors dictionary and display your JSON.
Lovely read once again, you improved my understanding.
Cheers.
How do I pass some custom "message" or "info" data/fields to the Errors defined in this manner?
This is one of the best tutorials I have ever folowed, the best part being that everything works. I did not have to look up why things aren't working.