Hi,
It seems that no proper authentication and error handling is performed in specklepy
when a token is invalid or doesn’t have the correct accesses.
When a bad token is used (either completely invalid token, or does not have streams:write
access), during operations.send()
it attempts to send a request to the server, but at some point in the requests
module a 401 error is returned, so the request was unauthorized. I didn’t look very closely into what happens next, but I believe it’s trying to somehow decode the response, but since it was unauthorized, that’s not possible, so finally the error we get is this:
This is the relevant code snippet:
# Create Speckle client
client = SpeckleClient(host=speckle_server_url)
# Authenticate Speckle client
client.authenticate(token=speckle_token)
# Initiate server transport
transport = ServerTransport(client=client, stream_id=stream_id)
# Convert MEP project to Speckle
speckle_project = project.to_speckle()
# Serialize the Speckle object
speckle_obj = operations.send(base=speckle_project, transports=[transport])
During the client.authenticate()
, we would expect that it would be checked if the token is at all valid, but even with a completely invalid token, authenticated
is still set to True
.
And during the operations.send()
, a proper error should be returned if the token is invalid or does not have proper access.