Authorization error is misleading #77

@roy-work

If you attempt to cloudsmith push docker with an entitlement token (which, as I've learned the hard way, are read-only), you'll get approximately the following:

Checking docker package upload parameters ... ERROR
Failed to validate upload parameters! (status: 401 - Unauthorized)

Detail: Invalid token.
Hint: Since you have an API key set, this probably means you don't have the permision to perform this action.

First, the error is self-contradictory: the first half, "401 - Unauthorized", is an HTTP status code; 401 is a bit screwed up in HTTP, but it means and should be read as (despite what one might think from the canonical reason phrase) unauthenticated.

The latter half says something completely different: "you don't have the permision (sic)"; the proper HTTP status for that would be 403 Forbidden.

So, the user is left wondering "which is it?".

(Initially, I had only read the code — 401 — and mistakenly presumed it was an actual authentication problem, and spent considerable time chasing that goose. This turned out to be an authorization problem, and the hint is correct.)

Additionally, "permission" is misspelled in the error message.
