Error 500 when supplying wrong Authorization token #563

New Issue

MrUnknownDE · 2026-04-05T16:43:24+02:00

MrUnknownDE commented

2026-04-05 16:43:24 +02:00

Originally created by @joernheissler on 1/15/2026

NetBox Edition

NetBox Community

NetBox Version

v4.5.0

Python Version

3.13

Steps to Reproduce

Configure logging: https://docs.djangoproject.com/en/6.0/topics/logging/#id3
(not required to reproduce, only to see stack trace)

curl -i -H 'Authorization: Bearer hello.world' https://demo.netbox.dev/media/foobar

Expected Behavior

Some 4xx error, maybe 401 or generic 400.

Observed Behavior

HTTP/1.1 500 Internal Server Error
...
<pre class="block"><strong>&lt;class &#x27;rest_framework.exceptions.AuthenticationFailed&#x27;&gt;</strong><br />
Invalid v1 token

Python version: 3.12.3
NetBox version: 4.5.0
Plugins: 
  netbox_demo: 0.5.0
</pre>
...

journalctl -u netbox.service shows:

Jan 15 18:24:12 netbox-stg1 gunicorn[3021440]: Internal Server Error: /media/foobar
Jan 15 18:24:12 netbox-stg1 gunicorn[3021440]: Traceback (most recent call last):
Jan 15 18:24:12 netbox-stg1 gunicorn[3021440]:   File "/opt/netbox/netbox/netbox/middleware.py", line 128, in __call__
Jan 15 18:24:12 netbox-stg1 gunicorn[3021440]:     username = request.META[self.header]
Jan 15 18:24:12 netbox-stg1 gunicorn[3021440]:                ~~~~~~~~~~~~^^^^^^^^^^^^^
Jan 15 18:24:12 netbox-stg1 gunicorn[3021440]: KeyError: 'HTTP_REMOTE_USER'
Jan 15 18:24:12 netbox-stg1 gunicorn[3021440]: During handling of the above exception, another exception occurred:
Jan 15 18:24:12 netbox-stg1 gunicorn[3021440]: Traceback (most recent call last):
Jan 15 18:24:12 netbox-stg1 gunicorn[3021440]:   File "/opt/netbox/netbox/netbox/api/authentication.py", line 63, in authenticate
Jan 15 18:24:12 netbox-stg1 gunicorn[3021440]:     token = qs.get(version=version, plaintext=plaintext)
Jan 15 18:24:12 netbox-stg1 gunicorn[3021440]:   File "/opt/netbox-4.5.0/venv/lib/python3.13/site-packages/django/db/models/query.py", line 635, in get
Jan 15 18:24:12 netbox-stg1 gunicorn[3021440]:     raise self.model.DoesNotExist(
Jan 15 18:24:12 netbox-stg1 gunicorn[3021440]:         "%s matching query does not exist." % self.model._meta.object_name
Jan 15 18:24:12 netbox-stg1 gunicorn[3021440]:     )
Jan 15 18:24:12 netbox-stg1 gunicorn[3021440]: users.models.tokens.Token.DoesNotExist: Token matching query does not exist.
Jan 15 18:24:12 netbox-stg1 gunicorn[3021440]: During handling of the above exception, another exception occurred:
Jan 15 18:24:12 netbox-stg1 gunicorn[3021440]: Traceback (most recent call last):
Jan 15 18:24:12 netbox-stg1 gunicorn[3021440]:   File "/opt/netbox-4.5.0/venv/lib/python3.13/site-packages/django/core/handlers/exception.py", line 55, in inner
Jan 15 18:24:12 netbox-stg1 gunicorn[3021440]:     response = get_response(request)
Jan 15 18:24:12 netbox-stg1 gunicorn[3021440]:   File "/opt/netbox-4.5.0/venv/lib/python3.13/site-packages/django/core/handlers/base.py", line 197, in _get_response
Jan 15 18:24:12 netbox-stg1 gunicorn[3021440]:     response = wrapped_callback(request, *callback_args, **callback_kwargs)
Jan 15 18:24:12 netbox-stg1 gunicorn[3021440]:   File "/opt/netbox-4.5.0/venv/lib/python3.13/site-packages/django/views/generic/base.py", line 105, in view
Jan 15 18:24:12 netbox-stg1 gunicorn[3021440]:     return self.dispatch(request, *args, **kwargs)
Jan 15 18:24:12 netbox-stg1 gunicorn[3021440]:            ~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^
Jan 15 18:24:12 netbox-stg1 gunicorn[3021440]:   File "/opt/netbox/netbox/utilities/views.py", line 53, in dispatch
Jan 15 18:24:12 netbox-stg1 gunicorn[3021440]:     auth_info = authenticator.authenticate(request)
Jan 15 18:24:12 netbox-stg1 gunicorn[3021440]:   File "/opt/netbox/netbox/netbox/api/authentication.py", line 71, in authenticate
Jan 15 18:24:12 netbox-stg1 gunicorn[3021440]:     raise exceptions.AuthenticationFailed(f"Invalid v{version} token")
Jan 15 18:24:12 netbox-stg1 gunicorn[3021440]: rest_framework.exceptions.AuthenticationFailed: Invalid v1 token

*Originally created by @joernheissler on 1/15/2026* ### NetBox Edition NetBox Community ### NetBox Version v4.5.0 ### Python Version 3.13 ### Steps to Reproduce Configure logging: https://docs.djangoproject.com/en/6.0/topics/logging/#id3 (not required to reproduce, only to see stack trace) ``` curl -i -H 'Authorization: Bearer hello.world' https://demo.netbox.dev/media/foobar ``` ### Expected Behavior Some 4xx error, maybe 401 or generic 400. ### Observed Behavior ``` HTTP/1.1 500 Internal Server Error ... <pre class="block"><strong><class 'rest_framework.exceptions.AuthenticationFailed'></strong><br /> Invalid v1 token Python version: 3.12.3 NetBox version: 4.5.0 Plugins: netbox_demo: 0.5.0 </pre> ... ``` `journalctl -u netbox.service` shows: ``` Jan 15 18:24:12 netbox-stg1 gunicorn[3021440]: Internal Server Error: /media/foobar Jan 15 18:24:12 netbox-stg1 gunicorn[3021440]: Traceback (most recent call last): Jan 15 18:24:12 netbox-stg1 gunicorn[3021440]: File "/opt/netbox/netbox/netbox/middleware.py", line 128, in __call__ Jan 15 18:24:12 netbox-stg1 gunicorn[3021440]: username = request.META[self.header] Jan 15 18:24:12 netbox-stg1 gunicorn[3021440]: ~~~~~~~~~~~~^^^^^^^^^^^^^ Jan 15 18:24:12 netbox-stg1 gunicorn[3021440]: KeyError: 'HTTP_REMOTE_USER' Jan 15 18:24:12 netbox-stg1 gunicorn[3021440]: During handling of the above exception, another exception occurred: Jan 15 18:24:12 netbox-stg1 gunicorn[3021440]: Traceback (most recent call last): Jan 15 18:24:12 netbox-stg1 gunicorn[3021440]: File "/opt/netbox/netbox/netbox/api/authentication.py", line 63, in authenticate Jan 15 18:24:12 netbox-stg1 gunicorn[3021440]: token = qs.get(version=version, plaintext=plaintext) Jan 15 18:24:12 netbox-stg1 gunicorn[3021440]: File "/opt/netbox-4.5.0/venv/lib/python3.13/site-packages/django/db/models/query.py", line 635, in get Jan 15 18:24:12 netbox-stg1 gunicorn[3021440]: raise self.model.DoesNotExist( Jan 15 18:24:12 netbox-stg1 gunicorn[3021440]: "%s matching query does not exist." % self.model._meta.object_name Jan 15 18:24:12 netbox-stg1 gunicorn[3021440]: ) Jan 15 18:24:12 netbox-stg1 gunicorn[3021440]: users.models.tokens.Token.DoesNotExist: Token matching query does not exist. Jan 15 18:24:12 netbox-stg1 gunicorn[3021440]: During handling of the above exception, another exception occurred: Jan 15 18:24:12 netbox-stg1 gunicorn[3021440]: Traceback (most recent call last): Jan 15 18:24:12 netbox-stg1 gunicorn[3021440]: File "/opt/netbox-4.5.0/venv/lib/python3.13/site-packages/django/core/handlers/exception.py", line 55, in inner Jan 15 18:24:12 netbox-stg1 gunicorn[3021440]: response = get_response(request) Jan 15 18:24:12 netbox-stg1 gunicorn[3021440]: File "/opt/netbox-4.5.0/venv/lib/python3.13/site-packages/django/core/handlers/base.py", line 197, in _get_response Jan 15 18:24:12 netbox-stg1 gunicorn[3021440]: response = wrapped_callback(request, *callback_args, **callback_kwargs) Jan 15 18:24:12 netbox-stg1 gunicorn[3021440]: File "/opt/netbox-4.5.0/venv/lib/python3.13/site-packages/django/views/generic/base.py", line 105, in view Jan 15 18:24:12 netbox-stg1 gunicorn[3021440]: return self.dispatch(request, *args, **kwargs) Jan 15 18:24:12 netbox-stg1 gunicorn[3021440]: ~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^ Jan 15 18:24:12 netbox-stg1 gunicorn[3021440]: File "/opt/netbox/netbox/utilities/views.py", line 53, in dispatch Jan 15 18:24:12 netbox-stg1 gunicorn[3021440]: auth_info = authenticator.authenticate(request) Jan 15 18:24:12 netbox-stg1 gunicorn[3021440]: File "/opt/netbox/netbox/netbox/api/authentication.py", line 71, in authenticate Jan 15 18:24:12 netbox-stg1 gunicorn[3021440]: raise exceptions.AuthenticationFailed(f"Invalid v{version} token") Jan 15 18:24:12 netbox-stg1 gunicorn[3021440]: rest_framework.exceptions.AuthenticationFailed: Invalid v1 token ```

MrUnknownDE closed this issue

2026-04-05 16:43:24 +02:00

Sign in to join this conversation.

Branches Tags

main

21455-sql-indexes-audit

21357-register-model-actions

feature

20924-plugin-ui-components

21766-improve-test-coverage-for-sortable-table-columns

21157-export-template-public-models

21025-pre-render-config-contexts

21364-swagger

feature-ip-prefix-link

20911-dropdown-3

fix_module_substitution

21160-filterset

20911-dropdown-2

20044-elevation-stuck-lightmode

7604-filter-modifiers-v3

20660-script-load

19724-graphql

14884-script

19720-macaddress-interface-generic-relation

fix-19669-api-image-download

7604-filter-modifiers

19275-fixes-interface-bulk-edit

fix-17794-get_field_value_return_list

11507-show-aggregate-and-rir-on-api

9583-add_column_specific_search_field_to_tables

No Label netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox netbox severity: low severity: low severity: low severity: low severity: low severity: low severity: low severity: low severity: low severity: low severity: low severity: low severity: low severity: low severity: low severity: low severity: low severity: low severity: low severity: low severity: low severity: low severity: low severity: low severity: low severity: low severity: low severity: low severity: low severity: low severity: low severity: low severity: low severity: low severity: low severity: low severity: low severity: low severity: low severity: low severity: low severity: low severity: low severity: low severity: low severity: low severity: low severity: low severity: low severity: low severity: low status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted status: accepted type: bug type: bug type: bug type: bug type: bug type: bug type: bug type: bug type: bug type: bug type: bug type: bug type: bug type: bug type: bug type: bug type: bug type: bug type: bug type: bug type: bug type: bug type: bug type: bug type: bug type: bug type: bug type: bug type: bug type: bug type: bug type: bug type: bug type: bug type: bug type: bug type: bug type: bug type: bug type: bug type: bug type: bug type: bug type: bug type: bug type: bug type: bug type: bug type: bug type: bug type: bug type: bug type: bug type: bug type: bug type: bug type: bug type: bug type: bug type: bug type: bug type: bug type: bug type: bug type: bug type: bug type: bug type: bug type: bug type: bug type: bug type: bug type: bug type: bug type: bug type: bug type: bug type: bug type: bug type: bug type: bug type: bug type: bug type: bug type: bug type: bug type: bug type: bug type: bug type: bug type: bug type: bug type: bug type: bug type: bug type: bug type: bug type: bug type: bug type: bug type: bug type: bug type: bug

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github/netbox#563