Fail gracefully on API errors

craigloftus · craigloftus · commit be246f89016f · 2018-03-02T08:10:20.000Z
diff --git a/pwned/app_settings.py b/pwned/app_settings.py
@@ -3,7 +3,7 @@
 
 DEFAULTS = {
     'ENDPOINT': 'https://api.pwnedpasswords.com/range/',
-    'TIMEOUT': 1, # The default is conservative, it should be <20ms typically, 500ms if uncached
+    'TIMEOUT': 2, # The default is conservative, it should be <20ms typically, 500ms if uncached
     'PREFIX_LENGTH': 5,
     'OCCURRENCE_THRESHOLD': 1, # How many occurrences is too many
     'USER-AGENT': 'github.com/craigloftus/django-pwned-validator',
diff --git a/pwned/client.py b/pwned/client.py
@@ -1,20 +1,27 @@
 from hashlib import sha1
+import logging
 import requests
 
 from . import app_settings
 
 
+logger = logging.getLogger(__name__)
+
+
 session = requests.Session()
 session.headers.update({'User-Agent': app_settings.PWNED['USER-AGENT']})
 
 
 class PwnedClient:
 
     def fetch_range(self, prefix):
-        # TODO Check for and log errors
-        url = ''.join([app_settings.PWNED['ENDPOINT'], prefix])
-        resp = session.get(url, timeout=app_settings.PWNED['TIMEOUT'])
-        return resp.text
+        try:
+            url = ''.join([app_settings.PWNED['ENDPOINT'], prefix])
+            resp = session.get(url, timeout=app_settings.PWNED['TIMEOUT'])
+            return resp.text
+        except requests.exceptions.RequestException as e:
+            logger.exception("Request to Pwned Password API failed. Validation skipped.")
+            return ""
 
     def parse_range(self, raw_range):
         """
diff --git a/tests/test_validators.py b/tests/test_validators.py
@@ -1,6 +1,7 @@
 import pytest
 
 from django.core.exceptions import ValidationError
+from requests.exceptions import Timeout
 
 from pwned.validators import PwnedValidator
 
@@ -16,3 +17,14 @@ def test_validator_found():
 def test_validator_not_found():
     validator = PwnedValidator()
     validator.validate('8CEF1E00B20F463C1E48B589B03660D4E3B9EF7A')
+
+
+def test_validator_api_unreachable(caplog, monkeypatch):
+    def raiser(*args, **kwargs):
+        raise Timeout()
+    monkeypatch.setattr('requests.sessions.Session.get', raiser)
+    validator = PwnedValidator()
+    # Shouldn't throw a ValidationError
+    validator.validate('password')
+    for record in caplog.records:
+        assert record.levelname == 'ERROR'
