Fixing some confusion between 401 vs 403 error code. 401 indicates that the user should attempt to authenticate again. Where as 403 indicates the user is authenticated but not allowed to complete an action. (#804)
Closes #767
This commit is contained in:
parent
7ad471a810
commit
307a73c752
|
@ -164,17 +164,17 @@ class Ping(Resource):
|
|||
algo = header_data['alg']
|
||||
break
|
||||
else:
|
||||
return dict(message='Key not found'), 403
|
||||
return dict(message='Key not found'), 401
|
||||
|
||||
# validate your token based on the key it was signed with
|
||||
try:
|
||||
jwt.decode(id_token, secret.decode('utf-8'), algorithms=[algo], audience=args['clientId'])
|
||||
except jwt.DecodeError:
|
||||
return dict(message='Token is invalid'), 403
|
||||
return dict(message='Token is invalid'), 401
|
||||
except jwt.ExpiredSignatureError:
|
||||
return dict(message='Token has expired'), 403
|
||||
return dict(message='Token has expired'), 401
|
||||
except jwt.InvalidTokenError:
|
||||
return dict(message='Token is invalid'), 403
|
||||
return dict(message='Token is invalid'), 401
|
||||
|
||||
user_params = dict(access_token=access_token, schema='profile')
|
||||
|
||||
|
|
|
@ -271,7 +271,7 @@ class CertificatesList(AuthenticatedResource):
|
|||
data['creator'] = g.user
|
||||
return service.create(**data)
|
||||
|
||||
return dict(message="You are not authorized to use {0}".format(data['authority'].name)), 403
|
||||
return dict(message="You are not authorized to use the authority: {0}".format(data['authority'].name)), 403
|
||||
|
||||
|
||||
class CertificatesUpload(AuthenticatedResource):
|
||||
|
|
|
@ -106,7 +106,7 @@
|
|||
|
||||
// handle situation where our token has become invalid.
|
||||
RestangularConfigurer.setErrorInterceptor(function (response) {
|
||||
if (response.status === 403) {
|
||||
if (response.status === 401) {
|
||||
$auth.logout();
|
||||
$location.path('/login');
|
||||
return false;
|
||||
|
|
Loading…
Reference in New Issue