print path when Not Authorized

Signed-off-by: Maria Shaldibina <mshaldibina@pivotal.io>
cloudfoundry · Jun 25, 2015 · 4b2ac07 · 4b2ac07
1 parent b6eab67
commit 4b2ac07
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 9 deletions.
diff --git a/bosh-director/lib/bosh/director/api/extensions/scoping.rb b/bosh-director/lib/bosh/director/api/extensions/scoping.rb
@@ -37,9 +37,9 @@ def scope(allowed_scope)
             if requires_authentication? && (@user.nil? || !identity_provider.valid_access?(@user, scope))
               response['WWW-Authenticate'] = 'Basic realm="BOSH Director"'
               if @user.nil?
-                message = "Not authorized\n"
+                message = "Not authorized: '#{request.path}'\n"
               else
-                message = "Not authorized: #{request.path} requires one of the scopes: #{identity_provider.required_scopes(scope).join(", ")}\n"
+                message = "Not authorized: '#{request.path}' requires one of the scopes: #{identity_provider.required_scopes(scope).join(", ")}\n"
               end
               throw(:halt, [401, message])
             end

diff --git a/bosh-director/spec/unit/api/extensions/scoping_spec.rb b/bosh-director/spec/unit/api/extensions/scoping_spec.rb
@@ -45,7 +45,7 @@ module Api
             it 'returns a detailed error message' do
               get '/test_route'
               expect(last_response.status).to eq(401)
-              expect(last_response.body).to include("Not authorized: /test_route requires one of the scopes: fake-valid-scope-1, fake-valid-scope-2")
+              expect(last_response.body).to include("Not authorized: '/test_route' requires one of the scopes: fake-valid-scope-1, fake-valid-scope-2")
             end
 
             context 'when identity provider is not UAA' do
@@ -54,7 +54,7 @@ module Api
               it 'return generic error messsage' do
                 get '/test_route'
                 expect(last_response.status).to eq(401)
-                expect(last_response.body).to eq("Not authorized\n")
+                expect(last_response.body).to eq("Not authorized: '/test_route'\n")
               end
             end
           end
@@ -85,7 +85,7 @@ def requires_authentication?
             it 'returns non-authorized' do
               get '/read'
               expect(last_response.status).to eq(401)
-              expect(last_response.body).to include("Not authorized\n")
+              expect(last_response.body).to include("Not authorized: '/read'\n")
             end
           end
         end

diff --git a/spec/integration/uaa/login_spec.rb b/spec/integration/uaa/login_spec.rb
@@ -114,7 +114,7 @@
       it 'can only access read resources' do
         client_env = {'BOSH_CLIENT' => 'read-access', 'BOSH_CLIENT_SECRET' => 'secret'}
         output = deploy_from_scratch(no_login: true, env: client_env, failure_expected: true)
-        expect(output).to include('Not authorized: /deployments requires one of the scopes: bosh.admin, bosh.deadbeef.admin')
+        expect(output).to include(`Not authorized: '/deployments' requires one of the scopes: bosh.admin, bosh.deadbeef.admin`)
 
         output = bosh_runner.run('deployments', env: client_env, failure_expected: true)
         expect(output).to match /No deployments/
@@ -129,10 +129,10 @@
         expect(output).to match /release has been created/
 
         output = bosh_runner.run('task latest --debug', env: read_client_env, failure_expected: true)
-        expect(output).to match /Not authorized: \/tasks\/[0-9]+\/output requires one of the scopes: bosh.admin, bosh.deadbeef.admin/
+        expect(output).to match /Not authorized: '\/tasks\/[0-9]+\/output' requires one of the scopes: bosh.admin, bosh.deadbeef.admin/
 
         output = bosh_runner.run('task latest --cpi', env: read_client_env, failure_expected: true)
-        expect(output).to match /Not authorized: \/tasks\/[0-9]+\/output requires one of the scopes: bosh.admin, bosh.deadbeef.admin/
+        expect(output).to match /Not authorized: '\/tasks\/[0-9]+\/output' requires one of the scopes: bosh.admin, bosh.deadbeef.admin/
 
         output = bosh_runner.run('task latest --debug', env: admin_client_env)
         expect(output).to match /DEBUG/
@@ -150,7 +150,7 @@
 
         # AuthError because verification is happening on director side
         output = bosh_runner.run('vms', env: client_env, failure_expected: true)
-        expect(output).to include('Not authorized: /deployments requires one of the scopes: bosh.admin, bosh.deadbeef.admin, bosh.read, bosh.deadbeef.read')
+        expect(output).to include(`Not authorized: '/deployments' requires one of the scopes: bosh.admin, bosh.deadbeef.admin, bosh.read, bosh.deadbeef.read`)
       end
     end