CM-38320 - Fix invalid access token exception

.github/workflows/tests.yml

@@ -20,9 +20,10 @@ jobs:
             files.pythonhosted.org
             install.python-poetry.org
             pypi.org
+            *.ingest.us.sentry.io
 
       - name: Checkout repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Set up Python
         uses: actions/setup-python@v4

.github/workflows/tests_full.yml

@@ -33,6 +33,7 @@ jobs:
             files.pythonhosted.org
             install.python-poetry.org
             pypi.org
+            *.ingest.us.sentry.io
 
       - name: Checkout repository
         uses: actions/checkout@v4

cycode/cli/commands/main_cli.py

@@ -12,6 +12,7 @@
 from cycode.cli.consts import (
     CLI_CONTEXT_SETTINGS,
 )
+from cycode.cli.sentry import add_breadcrumb, init_sentry
 from cycode.cli.user_settings.configuration_manager import ConfigurationManager
 from cycode.cli.utils.progress_bar import SCAN_PROGRESS_BAR_SECTIONS, get_progress_bar
 from cycode.cyclient.config import set_logging_level
@@ -60,6 +61,9 @@
 def main_cli(
     context: click.Context, verbose: bool, no_progress_meter: bool, output: str, user_agent: Optional[str]
 ) -> None:
+    init_sentry()
+    add_breadcrumb('cycode')
+
     context.ensure_object(dict)
     configuration_manager = ConfigurationManager()
 

cycode/cli/main.py

@@ -5,15 +5,11 @@
 import pip_system_certs.wrapt_requests  # noqa: F401
 
 from cycode.cli.commands.main_cli import main_cli
-from cycode.cli.sentry import add_breadcrumb, init_sentry
 
 if __name__ == '__main__':
     # DO NOT REMOVE OR MOVE THIS LINE
     # this is required to support multiprocessing in executables files packaged with PyInstaller
     # see https://pyinstaller.org/en/latest/common-issues-and-pitfalls.html#multi-processing
     freeze_support()
 
-    init_sentry()
-    add_breadcrumb('cycode')
-
     main_cli()

cycode/cli/sentry.py

@@ -51,6 +51,7 @@ def init_sentry() -> None:
         dsn=consts.SENTRY_DSN,
         debug=consts.SENTRY_DEBUG,
         release=_get_sentry_release(),
+        server_name='',
         before_send=_before_sentry_event_send,
         sample_rate=consts.SENTRY_SAMPLE_RATE,
         send_default_pii=consts.SENTRY_SEND_DEFAULT_PII,
@@ -61,7 +62,6 @@ def init_sentry() -> None:
             AtexitIntegration(lambda _, __: None)  # disable output to stderr about pending events
         ],
     )
-    sentry_sdk.set_user(None)
 
 
 def setup_scope_from_access_token(access_token: Optional[str]) -> None:

cycode/cli/utils/jwt_utils.py

@@ -1,14 +1,19 @@
-from typing import Tuple
+from typing import Optional, Tuple
 
 import jwt
 
+_JWT_PAYLOAD_POSSIBLE_USER_ID_FIELD_NAMES = ('userId', 'internalId', 'token-user-id')
 
-def get_user_and_tenant_ids_from_access_token(access_token: str) -> Tuple[str, str]:
+
+def get_user_and_tenant_ids_from_access_token(access_token: str) -> Tuple[Optional[str], Optional[str]]:
     payload = jwt.decode(access_token, options={'verify_signature': False})
-    user_id = payload.get('userId')
-    tenant_id = payload.get('tenantId')
 
-    if not user_id or not tenant_id:
-        raise ValueError('Invalid access token')
+    user_id = None
+    for field in _JWT_PAYLOAD_POSSIBLE_USER_ID_FIELD_NAMES:
+        user_id = payload.get(field)
+        if user_id:
+            break
+
+    tenant_id = payload.get('tenantId')
 
     return user_id, tenant_id