Skip to content

fix: gracefully handle missing active session on download routes (fixes #415)#416

Merged
SeaCelo merged 2 commits intoEAPD-DRB:mainfrom
tejassinghbhati:fix-empty-session-crash-415
Apr 9, 2026
Merged

fix: gracefully handle missing active session on download routes (fixes #415)#416
SeaCelo merged 2 commits intoEAPD-DRB:mainfrom
tejassinghbhati:fix-empty-session-crash-415

Conversation

@tejassinghbhati
Copy link
Copy Markdown
Contributor

@tejassinghbhati tejassinghbhati commented Apr 4, 2026

Linked issue

Existing related work reviewed

Overlap assessment

  • Classification: Bug Fix / Edge Case Logic Fix
  • Overlapping items: PR [v5.5] Backend/runtime port: safe routes, logging, resData fixes #407 touches missing resData handling, but entirely misses the missing session vulnerabilities in the download endpoints.
  • Why this is not duplicate/superseded: No other PR addresses the missing session checks and TypeError crashes specifically occurring across the file download routes.

Why this PR should proceed

  • It addresses a critical crash (500 Internal Server Error) that occurs when any of the 5 download routes are accessed without a correctly initialized active session, safely catching the error and returning an appropriate 400 response.

Summary

  • What changed: In API/Routes/DataFile/DataFileRoute.py (4 routes) and API/Routes/Case/CaseRoute.py (1 route), added conditional block if case is None: returning a graceful 400 JSON response instead of blindly continuing to the dataset lookup.
  • Why: The pathlib.Path constructor requires a string and cannot process a returned None from session.get('osycase', None). Doing so throws an unhandled TypeError in the route's primary thread, crashing the Flask route.

Validation

  • Tests added/updated (or not applicable)
  • Validation steps documented
  • Evidence attached (logs/screenshots/output as relevant)

Documentation

  • Docs updated in this PR (or not applicable)
  • Any setup/workflow changes reflected in repo docs

Scope check

  • No unrelated refactors
  • Implemented from a feature branch
  • Change is deliverable without upstream OSeMOSYS/MUIO dependency
  • Base repo/branch is EAPD-DRB/MUIOGO:main (not upstream)

Exception rationale

This was referenced Apr 9, 2026
Closed
Closed
@SeaCelo SeaCelo force-pushed the fix-empty-session-crash-415 branch from 8d941f7 to cdba5d1 Compare April 9, 2026 20:40
@SeaCelo SeaCelo mentioned this pull request Apr 9, 2026
Closed
@SeaCelo
Copy link
Copy Markdown
Collaborator

SeaCelo commented Apr 9, 2026

@tejassinghbhati and @krrishrastogi05 thank you for working on this issue. I'm merging this PR, with a few additional fixes.

@SeaCelo SeaCelo merged commit 5f8f89a into EAPD-DRB:main Apr 9, 2026
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[Bug] Unhandled TypeError (500 crash) in download endpoints when active case session is missing

2 participants

@tejassinghbhati @SeaCelo