TornadoIntegration causes "Internal error in sentry_sdk" when used with Celery Flower

[nadavperetz]

How do you use Sentry?

Sentry Saas (sentry.io)

Version

2.24.1

Steps to Reproduce

Environment

• sentry-sdk version: 2.24.1
• Python version: 3.12
• Flower version: 2.0.1
• Tornado version: (bundled with Flower)
• OS: Linux (AWS ECS, aarch64)

Description

When running Celery Flower with Sentry SDK, the TornadoIntegration causes repeated "Internal error in sentry_sdk" log messages approximately every 30 seconds.

This occurs because Sentry's Tornado integration accesses handler.current_user when processing requests, which triggers Flower's get_current_user() method. When requests arrive without valid authentication headers (e.g.,
health checks, monitoring probes), Flower raises HTTPError(401).

Steps to Reproduce

1. Set up Celery with Flower and Sentry SDK
2. Configure Flower with basic auth: --basic_auth=user:password
3. Initialize Sentry SDK (TornadoIntegration is auto-enabled)
4. Send any request to Flower without auth headers (or wait for health checks)

Stack Trace

ERROR utils Internal error in sentry_sdk
Traceback (most recent call last):
File "/usr/local/lib/python3.12/site-packages/flower/views/init.py", line 71, in get_current_user
basic, credentials = auth_header.split()
^^^^^^^^^^^^^^^^^^
ValueError: not enough values to unpack (expected 2, got 0)

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
File "/usr/local/lib/python3.12/site-packages/sentry_sdk/integrations/tornado.py", line 180, in tornado_processor
if handler.current_user and should_send_default_pii():
^^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.12/site-packages/tornado/web.py", line 1474, in current_user
self._current_user = self.get_current_user()
^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.12/site-packages/flower/views/init.py", line 81, in get_current_user
raise tornado.web.HTTPError(401) from exc
tornado.web.HTTPError: HTTP 401: Unauthorized

Root Cause

In sentry_sdk/integrations/tornado.py line 180:

if handler.current_user and should_send_default_pii():

The handler.current_user property access triggers the handler's get_current_user() method, which can raise exceptions in applications like Flower that implement authentication.

Attempted Workarounds

| Approach                                   | Result                            |
|--------------------------------------------|-----------------------------------|
| disabled_integrations=[TornadoIntegration] | Integration still active          |
| auto_enabling_integrations=False           | Integration still active          |
| before_send filter                         | Doesn't catch internal SDK errors |

Expected Behavior

1. The tornado_processor should gracefully handle exceptions when accessing handler.current_user
2. disabled_integrations should properly prevent the TornadoIntegration from being enabled

Suggested Fix

Wrap the current_user access in a try/except block:

# In tornado_processor function
try:
    current_user = handler.current_user
except Exception:
    current_user = None

if current_user and should_send_default_pii():
    request_info["user"] = {"username": current_user}

Impact

This generates thousands of ERROR-level log entries daily, polluting CloudWatch/logging systems and making it difficult to identify real issues.

Expected Result

1. The tornado_processor should gracefully handle exceptions when accessing handler.current_user. Perhaps show error only once

Actual Result

This generates thousands of ERROR-level log entries daily, polluting CloudWatch/logging systems and making it difficult to identify real issues.

[linear]

PY-2004