loading...
Cover image for Flask Rest API -Part:4- Exception Handling

Flask Rest API -Part:4- Exception Handling

paurakhsharma profile image Paurakh Sharma Humagain ・5 min read

Part 4: Exception Handling

Howdy! In the previous Part of the series, we learned how we can add authentication and authorization. In this part, we are going to learn how we can make our flask application more resilient to errors, and how to send a proper error message to the client.

When something goes wrong in a computer program, the program throws a specific Exception giving some hint to the user what went wrong. In our application when something goes wrong e.g user tries to create another account with the already used email address, they get an Internal Server Error and the client has no idea what they did wrong. So, to solve such issues we are going to use Exception Handling to catch such exceptions and send a proper error message to the client indicating what went wrong.

We are going to use a really useful feature of flask-restful which lets us define Custom Error Messages.

Let's create a new file errors.py inside the resources folder and add the following code:

cd resources
touch errors.py
#~/movie-bag/resources/errors.py

class InternalServerError(Exception):
    pass

class SchemaValidationError(Exception):
    pass

class MovieAlreadyExistsError(Exception):
    pass

class UpdatingMovieError(Exception):
    pass

class DeletingMovieError(Exception):
    pass

class MovieNotExistsError(Exception):
    pass

class EmailAlreadyExistsError(Exception):
    pass

class UnauthorizedError(Exception):
    pass

errors = {
    "InternalServerError": {
        "message": "Something went wrong",
        "status": 500
    },
     "SchemaValidationError": {
         "message": "Request is missing required fields",
         "status": 400
     },
     "MovieAlreadyExistsError": {
         "message": "Movie with given name already exists",
         "status": 400
     },
     "UpdatingMovieError": {
         "message": "Updating movie added by other is forbidden",
         "status": 403
     },
     "DeletingMovieError": {
         "message": "Deleting movie added by other is forbidden",
         "status": 403
     },
     "MovieNotExistsError": {
         "message": "Movie with given id doesn't exists",
         "status": 400
     },
     "EmailAlreadyExistsError": {
         "message": "User with given email address already exists",
         "status": 400
     },
     "UnauthorizedError": {
         "message": "Invalid username or password",
         "status": 401
     }
}

As you can see first we have extended the Exception class to create different custom exceptions and then we created an errors dictionary, which contains the error message and status codes for each exception. Now, we need to add these errors to the flask-restful Api class.

Update app.py to import recently created errors dictionary and add this as a parameter to Api class.

#~/movie-bag/app.py

from database.db import initialize_db
 from flask_restful import Api
 from resources.routes import initialize_routes
+from resources.errors import errors

 app = Flask(__name__)
 app.config.from_envvar('ENV_FILE_LOCATION')

-api = Api(app)
+api = Api(app, errors=errors)
 bcrypt = Bcrypt(app)
 jwt = JWTManager(app)

Finally, we are ready to perform some exception handling in our application. Update movie.py view functions according to the following:

#~/movie-bag/resources/movie.py
 from flask import Response, request
 from database.models import Movie, User
 from flask_jwt_extended import jwt_required, get_jwt_identity
 from flask_restful import Resource
+
+from mongoengine.errors import FieldDoesNotExist, \
+NotUniqueError, DoesNotExist, ValidationError, InvalidQueryError
+
+from resources.errors import SchemaValidationError, +MovieAlreadyExistsError, \
+InternalServerError, UpdatingMovieError, DeletingMovieError, +MovieNotExistsError
+

 class MoviesApi(Resource):
     def get(self):
@@ -11,32 +15,57 @@ class MoviesApi(Resource):

     @jwt_required
     def post(self):
-        user_id = get_jwt_identity()
-        body = request.get_json()
-        user = User.objects.get(id=user_id)
-        movie =  Movie(**body, added_by=user)
-        movie.save()
-        user.update(push__movies=movie)
-        user.save()
-        id = movie.id
-        return {'id': str(id)}, 200
-        
+        try:
+            user_id = get_jwt_identity()
+            body = request.get_json()
+            user = User.objects.get(id=user_id)
+            movie =  Movie(**body, added_by=user)
+            movie.save()
+            user.update(push__movies=movie)
+            user.save()
+            id = movie.id
+            return {'id': str(id)}, 200
+        except (FieldDoesNotExist, ValidationError):
+            raise SchemaValidationError
+        except NotUniqueError:
+            raise MovieAlreadyExistsError
+        except Exception as e:
+            raise InternalServerError
+
+
 class MovieApi(Resource):
     @jwt_required
     def put(self, id):
-        user_id = get_jwt_identity()
-        movie = Movie.objects.get(id=id, added_by=user_id)
-        body = request.get_json()
-        Movie.objects.get(id=id).update(**body)
-        return '', 200
+        try:
+            user_id = get_jwt_identity()
+            movie = Movie.objects.get(id=id, added_by=user_id)
+            body = request.get_json()
+            Movie.objects.get(id=id).update(**body)
+            return '', 200
+        except InvalidQueryError:
+            raise SchemaValidationError
+        except DoesNotExist:
+            raise UpdatingMovieError
+        except Exception:
+            raise InternalServerError       

     @jwt_required
     def delete(self, id):
-        user_id = get_jwt_identity()
-        movie = Movie.objects.get(id=id, added_by=user_id)
-        movie.delete()
-        return '', 200
+        try:
+            user_id = get_jwt_identity()
+            movie = Movie.objects.get(id=id, added_by=user_id)
+            movie.delete()
+            return '', 200
+        except DoesNotExist:
+            raise DeletingMovieError
+        except Exception:
+            raise InternalServerError

     def get(self, id):
-        movies = Movie.objects.get(id=id).to_json()
-        return Response(movies, mimetype="application/json", status=200)
+        try:
+            movies = Movie.objects.get(id=id).to_json()
+            return Response(movies, mimetype="application/json", status=200)
+        except DoesNotExist:
+            raise MovieNotExistsError
+        except Exception:
+            raise InternalServerError


Let's see the example of post method in MoviesApi class:

def post(self):
  try:
      user_id = get_jwt_identity()
      body = request.get_json()
      user = User.objects.get(id=user_id)
      movie =  Movie(**body, added_by=user)
      movie.save()
      user.update(push__movies=movie)
      user.save()
      id = movie.id
      return {'id': str(id)}, 200
  except (FieldDoesNotExist, ValidationError):
      raise SchemaValidationError
  except NotUniqueError:
      raise MovieAlreadyExistsError
  except Exception as e:
      raise InternalServerError

Here you can see we have wrapped the whole view opetations in try...except block. We have performed an exception chaining, so that when we get any exception we throw the exception which we have defined in errors.py and flask-restful generates a response based on the values we defined in errors dictionary.

When there is FieldDoesNotExist exception or ValidationError exception from mongoengine we raise SchemaValidationError exception which tells the client that their request JSON is invalid. Similarly, when a user tries to create a movie with the name which already exists mongoengine throws NotUniqueError exception and by catching that exception we raise MovieAlreadyExistsError which tells the user that the movie name already exists.

And lastly, if we get an exception that we have not expected then we throw an InternalServerError.

Let's add similar exception handling to our auth.py

#~/movie-bag/resources/auth.py

 from database.models import User
 from flask_restful import Resource
 import datetime
+from mongoengine.errors import FieldDoesNotExist, NotUniqueError, DoesNotExist
+from resources.errors import SchemaValidationError, EmailAlreadyExistsError, UnauthorizedError, \
+InternalServerError

 class SignupApi(Resource):
     def post(self):
-        body = request.get_json()
-        user =  User(**body)
-        user.hash_password()
-        user.save()
-        id = user.id
-        return {'id': str(id)}, 200
+        try:
+            body = request.get_json()
+            user =  User(**body)
+            user.hash_password()
+            user.save()
+            id = user.id
+            return {'id': str(id)}, 200
+        except FieldDoesNotExist:
+            raise SchemaValidationError
+        except NotUniqueError:
+            raise EmailAlreadyExistsError
+        except Exception as e:
+            raise InternalServerError

 class LoginApi(Resource):
     def post(self):
-        body = request.get_json()
-        user = User.objects.get(email=body.get('email'))
-        authorized = user.check_password(body.get('password'))
-        if not authorized:
-            return {'error': 'Email or password invalid'}, 401
-        expires = datetime.timedelta(days=7)
-        access_token = create_access_token(identity=str(user.id), expires_delta=expires)
-        return {'token': access_token}, 200
+        try:
+            body = request.get_json()
+            user = User.objects.get(email=body.get('email'))
+            authorized = user.check_password(body.get('password'))
+            if not authorized:
+                raise UnauthorizedError
+ 
+            expires = datetime.timedelta(days=7)
+            access_token = create_access_token(identity=str(user.id), expires_delta=expires)
+            return {'token': access_token}, 200
+        except (UnauthorizedError, DoesNotExist):
+            raise UnauthorizedError
+        except Exception as e:
+            raise InternalServerError

That's it, people. Now, when there is an error in our application we get a proper error message with relevant status code.

Let's try creating a user with /api/auth/signup with any email address, let's say testemail@gmail.com. Now again try to create another user with the same email address. We get a response like this:

{
    "message": "User with given email address already exists",
    "status": 400
}

Now, the user of our application can easily know what went wrong.

You can find the complete code of this part here

What we learned from this part of the series?

  • How to handle exceptions in our flask application using exception chaining.
  • How to send the error message and status code based on the exception occurred.


In the next part of the series, we are going to learn how to perform a password reset in our application.

Until then happy coding 😊

Posted on by:

paurakhsharma profile

Paurakh Sharma Humagain

@paurakhsharma

Full-StackOverflow developer. I love instructing computers to do stuffs.

Discussion

pic
Editor guide
 

very good article! thanks

please update the above link, you current references a 404 this is the new link:

flask-restful.readthedocs.io/en/la...

a minor addition:

in the new docs its says:

"Note: Custom Exceptions must have HTTPException as the base Exception."

if i do change the errors in the dictionary to extends HTTPException instead of Exception i get:

   ~  curl -v -X POST --header 'Content-Type: application/json' -d '{"password":"Password20", "email":"user212@mail.com", "phone":"016553225644"}' 'http://127.0.0.1:8888/user/register'                                                               ✔  22:30:26 
Note: Unnecessary use of -X or --request, POST is already inferred.
*   Trying 127.0.0.1:8888...
* TCP_NODELAY set
* Connected to 127.0.0.1 (127.0.0.1) port 8888 (#0)
> POST /user/register HTTP/1.1
> Host: 127.0.0.1:8888
> User-Agent: curl/7.65.3
> Accept: */*
> Content-Type: application/json
> Content-Length: 80
>
* upload completely sent off: 80 out of 80 bytes
* Mark bundle as not supporting multiuse
* HTTP 1.0, assume close after body
< HTTP/1.0 200 OK
< Content-Type: text/html
< Content-Length: 121
< Server: Werkzeug/0.16.0 Python/3.7.6
< Date: Mon, 23 Mar 2020 21:30:28 GMT
<
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<title>None Unknown Error</title>
<h1>Unknown Error</h1>
<p></p>
* Closing connection 0

otherwise its an http 500 error and the flask debugging views ( html)

Thanks

 

[UPDATE]: I've found another working workaround (I think you too ;) ) : github.com/vimalloc/flask-jwt-exte...

Very nice article series! Thanks a lot for the great stuff!
One question: have you tried accessing the protected endpoints without passing the Authorization header? According to my test, it will throw a 500 instead of expected 401. It seems that the error handling framework could not catch the internal NoAuthorizationError from jwt_extended properly.
I tried one suggestion from github.com/flask-restful/flask-res... . However, it will make the situation even worse: NoAuthorizationError can be properly returned, but all other self-defined errors could not be caught. Do you have a better solution to that?

 

Haha glad that you found it ;) I asked the question there while writing the article and got the answer back after I have published the article.
Thanks for editing your comment to help others :)

 

following the code the error was raised but did not get the friendly json message.. what is wrong?

 

I was having that trouble but if you turn debug off i.e. app.run() rather than app.run(debug=True)
it works for me

 

Please have a look at the GitHub link and see if you missed anything.
If it doesn't work out please let me know what you tried, and where the error occurred.

 

Hi. Great articles. Cant wait till you make a frontend implementation series (as promised in ;) )
How come you havn't made a "ExpiredTokenError" in errors.py when it's raised in reset_password.py?

 

Oh yeah, I forgot about that promise ;)
Hopefully, I can start the frontend series soon. Before that, I want to make some improvements to this backend like adding images.

About ExpiredTokenError that's a mistake, I should add ExpiredTokenError in errors.py as well.

 

How do I pass some custom "message" or "info" data/fields to the Errors defined in this manner?