Merge pull request #14133 from Budibase/return-unauthorized-instead-of-forbidden

Return 401 instead of 403
This commit is contained in:
Adria Navarro 2024-07-12 11:17:10 +02:00 committed by GitHub
commit 578281fb2e
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
5 changed files with 11 additions and 11 deletions

View File

@ -203,7 +203,7 @@ describe("/permission", () => {
// replicate changes before checking permissions
await config.publish()
await config.api.viewV2.publicSearch(view.id, undefined, { status: 403 })
await config.api.viewV2.publicSearch(view.id, undefined, { status: 401 })
})
it("should ignore the view permissions if the flag is not on", async () => {
@ -221,7 +221,7 @@ describe("/permission", () => {
await config.publish()
await config.api.viewV2.publicSearch(view.id, undefined, {
status: 403,
status: 401,
})
})
@ -250,8 +250,8 @@ describe("/permission", () => {
.send(basicRow(table._id))
.set(config.publicHeaders())
.expect("Content-Type", /json/)
.expect(403)
expect(res.status).toEqual(403)
.expect(401)
expect(res.status).toEqual(401)
})
})

View File

@ -151,7 +151,7 @@ export const checkPermissionsEndpoint = async ({
await exports
.createRequest(config.request, method, url, body)
.set(failHeader)
.expect(403)
.expect(401)
}
export const getDB = () => {

View File

@ -1490,7 +1490,7 @@ describe.each([
it("does not allow public users to fetch by default", async () => {
await config.publish()
await config.api.viewV2.publicSearch(view.id, undefined, {
status: 403,
status: 401,
})
})
@ -1534,7 +1534,7 @@ describe.each([
await config.publish()
await config.api.viewV2.publicSearch(view.id, undefined, {
status: 403,
status: 401,
})
})
})

View File

@ -96,7 +96,7 @@ const authorized =
}
if (!ctx.user) {
return ctx.throw(403, "No user info found")
return ctx.throw(401, "No user info found")
}
// get the resource roles
@ -148,7 +148,7 @@ const authorized =
// check authenticated
if (!ctx.isAuthenticated) {
return ctx.throw(403, "Session not authenticated")
return ctx.throw(401, "Session not authenticated")
}
// check general builder stuff, this middleware is a good way

View File

@ -105,7 +105,7 @@ describe("Authorization middleware", () => {
it("throws when no user data is present in context", async () => {
await config.executeMiddleware()
expect(config.throw).toHaveBeenCalledWith(403, "No user info found")
expect(config.throw).toHaveBeenCalledWith(401, "No user info found")
})
it("passes on to next() middleware if user is an admin", async () => {
@ -157,7 +157,7 @@ describe("Authorization middleware", () => {
await config.executeMiddleware()
expect(config.throw).toHaveBeenCalledWith(
403,
401,
"Session not authenticated"
)
})