GET /api/1.3/cdns returns wrong response code and response format when unauthorized or forbidden #1829

mitchell852 · 2018-01-31T19:49:51Z

If you try to access GET /api/1.3/cdns without being logged in (i.e. no valid cookie) the response should look like this:

401 Unauthorized

{
alerts: [
{
level: "error",
text: "Unauthorized, please log in."
}
]
}

If you are authenticated (your login cookie is valid) but your user doesn't have the proper priv level, the response should look like this:

403 Forbidden

{
alerts: [
{
level: "error",
text: "Forbidden."
}
]
}

mitchell852 added bug something isn't working as intended Traffic Ops API (golang) regression bug a bug in existing functionality introduced by a new version labels Jan 31, 2018

mitchell852 added this to the 2.2.0 milestone Jan 31, 2018

mitchell852 added this to To Do in TO API Golang Rewrite via automation Jan 31, 2018

DylanVolz mentioned this issue Jan 31, 2018

fix authorization handling to use alerts and handle forbidden properly #1835

Merged

dangogh closed this as completed in #1835 Feb 1, 2018

TO API Golang Rewrite automation moved this from To Do to Done Feb 1, 2018

mitchell852 added the critical label Jul 18, 2018

mitchell852 removed the bug something isn't working as intended label Aug 28, 2020

mitchell852 added the high impact impacts the basic function, deployment, or operation of a CDN label Nov 16, 2021

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GET /api/1.3/cdns returns wrong response code and response format when unauthorized or forbidden #1829

GET /api/1.3/cdns returns wrong response code and response format when unauthorized or forbidden #1829

mitchell852 commented Jan 31, 2018

GET /api/1.3/cdns returns wrong response code and response format when unauthorized or forbidden #1829

GET /api/1.3/cdns returns wrong response code and response format when unauthorized or forbidden #1829

Comments

mitchell852 commented Jan 31, 2018