From d967855652c3332ec1e2a4bf8c16a6a049769ce6 Mon Sep 17 00:00:00 2001 From: Raimundo Henriques Date: Wed, 3 Apr 2024 17:55:30 +0100 Subject: [PATCH 1/2] fix: replace error catch AccessDenied with BadRequest --- endpoint/src/api_types.rs | 4 ++-- endpoint/src/main.rs | 24 ++++++++++++------------ 2 files changed, 14 insertions(+), 14 deletions(-) diff --git a/endpoint/src/api_types.rs b/endpoint/src/api_types.rs index ded23f9..0f59bb9 100644 --- a/endpoint/src/api_types.rs +++ b/endpoint/src/api_types.rs @@ -51,8 +51,8 @@ pub(crate) struct PfListingResponseInner { pub(crate) enum EventsApiResponse { #[response(status = 200)] Ok(()), - #[response(status = 403, content_type = "application/json")] - NoAuth(crate::error::AccessDenied), + #[response(status = 400, content_type = "application/json")] + NoAuth(crate::error::BadRequest), #[response(status = 501, content_type = "application/json")] NotImpl(crate::error::NotImplemented), #[response(status = 400, content_type = "application/json")] diff --git a/endpoint/src/main.rs b/endpoint/src/main.rs index 8aafcfc..09e951a 100644 --- a/endpoint/src/main.rs +++ b/endpoint/src/main.rs @@ -323,7 +323,7 @@ fn get_list( offset: usize, filter: Filter, host: Host, -) -> Either { +) -> Either { if auth.is_none() { return Either::Right(Default::default()); } @@ -377,7 +377,7 @@ fn get_footprints( limit: Option, filter: Filter, host: Host, -) -> Either { +) -> Either { let limit = limit.unwrap_or(ACTION_LIST_FOOTPRINTS_MIN_RESULTS); let offset = 0; get_list(auth, limit, offset, filter, host) @@ -388,7 +388,7 @@ fn get_footprints( fn get_pcf( id: PfId, auth: Option, -) -> Either, error::AccessDenied> { +) -> Either, error::BadRequest> { if auth.is_some() { PCF_DEMO_DATA .iter() @@ -401,7 +401,7 @@ fn get_pcf( } #[get("/2/footprints/<_id>", format = "json", rank = 2)] -fn get_pcf_unauth(_id: &str) -> error::AccessDenied { +fn get_pcf_unauth(_id: &str) -> error::BadRequest { Default::default() } @@ -433,7 +433,7 @@ fn post_event( #[post("/2/events", rank = 2)] fn post_event_fallback() -> EventsApiResponse { - EventsApiResponse::NoAuth(error::AccessDenied::default()) + EventsApiResponse::NoAuth(error::BadRequest::default()) } #[get("/")] @@ -447,7 +447,7 @@ fn bad_request() -> error::BadRequest { } #[catch(default)] -fn default_handler() -> error::AccessDenied { +fn default_handler() -> error::BadRequest { Default::default() } @@ -633,7 +633,7 @@ fn get_list_test() { .get(get_list_uri) .header(rocket::http::Header::new("Host", EXAMPLE_HOST)) .dispatch(); - assert_eq!(rocket::http::Status::Forbidden, resp.status()); + assert_eq!(rocket::http::Status::BadRequest, resp.status()); } } @@ -854,13 +854,13 @@ fn post_events_test() { bearer_token.clone(), )) .dispatch(); - assert_eq!(rocket::http::Status::Forbidden, resp.status()); + assert_eq!(rocket::http::Status::BadRequest, resp.status()); } // test unauth request { let resp = client.post(post_events_uri).dispatch(); - assert_eq!(rocket::http::Status::Forbidden, resp.status()); + assert_eq!(rocket::http::Status::BadRequest, resp.status()); } // test authenticated request with OK body @@ -928,7 +928,7 @@ fn get_pcf_test() { { let get_pcf_uri = format!("/2/footprints/{}", PCF_DEMO_DATA[2].id.0); let resp = client.get(get_pcf_uri).dispatch(); - assert_eq!(rocket::http::Status::Forbidden, resp.status()); + assert_eq!(rocket::http::Status::BadRequest, resp.status()); } // test malformed PCF ID @@ -941,7 +941,7 @@ fn get_pcf_test() { bearer_token.clone(), )) .dispatch(); - assert_eq!(rocket::http::Status::Forbidden, resp.status()); + assert_eq!(rocket::http::Status::BadRequest, resp.status()); } // test unknown PCF ID { @@ -950,6 +950,6 @@ fn get_pcf_test() { .get(get_pcf_uri) .header(rocket::http::Header::new("Authorization", bearer_token)) .dispatch(); - assert_eq!(rocket::http::Status::Forbidden, resp.status()); + assert_eq!(rocket::http::Status::BadRequest, resp.status()); } } From 9a686f5177b06104bcf3e3b852ed6c4d3c31a297 Mon Sep 17 00:00:00 2001 From: Raimundo Henriques Date: Tue, 9 Apr 2024 12:41:18 +0100 Subject: [PATCH 2/2] docs: update readme --- endpoint/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/endpoint/README.md b/endpoint/README.md index 038bfd8..d2d2678 100644 --- a/endpoint/README.md +++ b/endpoint/README.md @@ -27,7 +27,7 @@ The following endpoints are available: - `/openapi.json`: OpenAPI description file which is automatically generated from the types defined in [`api_types.rs`](src/api_types.rs) and endpoints defined in [`main.rs`](src/main.rs) - Swagger UI: `/swagger-ui/` if you fancy a visualization -No further endpoints are supported by this implementation and all return `{"message":"Access Denied", "code":"AccessDenied"}`. +No further endpoints are supported by this implementation and all return `{"message":"Bad Request","code":"BadRequest"`. ## Credentials