Return HTTP 401 when token is missing

jameswestman · jameswestman · commit b32a6578e22b · 2022-04-20T10:02:05.000-05:00
When the repository returns an HTTP 401 error, flatpak is supposed to
request a token (if it hasn't already) using the authenticator. However,
we currently return a 403, which causes the transaction to fail instead.
diff --git a/src/errors.rs b/src/errors.rs
@@ -117,6 +117,9 @@ pub enum ApiError {
 
     #[fail(display = "NotEnoughPermissions")]
     NotEnoughPermissions(String),
+
+    #[fail(display = "TokenRequired")]
+    TokenRequired,
 }
 
 impl From<DieselError> for ApiError {
@@ -182,6 +185,11 @@ impl ApiError {
                 "error-type": "token-insufficient",
                 "message": format!("Not enough permissions: {}", message),
             }),
+            ApiError::TokenRequired => json!({
+                "status": 401,
+                "error-type": "token-required",
+                "message": "Token required"
+            }),
         }
     }
 
@@ -196,6 +204,7 @@ impl ApiError {
             ApiError::WrongPublishedState(_, _, _) => StatusCode::BAD_REQUEST,
             ApiError::InvalidToken(_) => StatusCode::UNAUTHORIZED,
             ApiError::NotEnoughPermissions(ref _message) => StatusCode::FORBIDDEN,
+            ApiError::TokenRequired => StatusCode::UNAUTHORIZED,
         }
     }
 }
diff --git a/src/tokens.rs b/src/tokens.rs
@@ -74,9 +74,7 @@ impl ClaimsValidator for HttpRequest {
         if let Some(claims) = self.extensions().get::<Claims>() {
             func(claims)
         } else {
-            Err(ApiError::NotEnoughPermissions(
-                "No token specified".to_string(),
-            ))
+            Err(ApiError::TokenRequired)
         }
     }
 

Original file line number	Diff line number	Diff line change
`@@ -117,6 +117,9 @@ pub enum ApiError {`
`117`	`117`
`118`	`118`	`#[fail(display = "NotEnoughPermissions")]`
`119`	`119`	`NotEnoughPermissions(String),`
	`120`	`+`
	`121`	`+ #[fail(display = "TokenRequired")]`
	`122`	`+ TokenRequired,`
`120`	`123`	`}`
`121`	`124`
`122`	`125`	`impl From<DieselError> for ApiError {`
`@@ -182,6 +185,11 @@ impl ApiError {`
`182`	`185`	`"error-type": "token-insufficient",`
`183`	`186`	`"message": format!("Not enough permissions: {}", message),`
`184`	`187`	`}),`
	`188`	`+ ApiError::TokenRequired => json!({`
	`189`	`+ "status": 401,`
	`190`	`+ "error-type": "token-required",`
	`191`	`+ "message": "Token required"`
	`192`	`+ }),`
`185`	`193`	`}`
`186`	`194`	`}`
`187`	`195`
`@@ -196,6 +204,7 @@ impl ApiError {`
`196`	`204`	`ApiError::WrongPublishedState(_, _, _) => StatusCode::BAD_REQUEST,`
`197`	`205`	`ApiError::InvalidToken(_) => StatusCode::UNAUTHORIZED,`
`198`	`206`	`ApiError::NotEnoughPermissions(ref _message) => StatusCode::FORBIDDEN,`
	`207`	`+ ApiError::TokenRequired => StatusCode::UNAUTHORIZED,`
`199`	`208`	`}`
`200`	`209`	`}`
`201`	`210`	`}`
Original file line number	Diff line number	Diff line change
`@@ -74,9 +74,7 @@ impl ClaimsValidator for HttpRequest {`
`74`	`74`	`if let Some(claims) = self.extensions().get::<Claims>() {`
`75`	`75`	`func(claims)`
`76`	`76`	`} else {`
`77`		`- Err(ApiError::NotEnoughPermissions(`
`78`		`- "No token specified".to_string(),`
`79`		`- ))`
	`77`	`+ Err(ApiError::TokenRequired)`
`80`	`78`	`}`
`81`	`79`	`}`
`82`	`80`