Inconsistencies between implementation and API spec #83
Comments
Also, unless I've missed it, the spec doesn't mention that admins don't have a profile, as this issue suggests.
the handling of admins is specific to Hoodie, it’s out of scope of the generic account JSON API spec
That's fine, but the spec has this line:
Which to me parses as:
So are Hoodie admins non-compliant or should the spec mention that profiles are actually optional? Or alternatively, should this line in the spec be parsed as:
yes, I’m sorry, Hoodie admins are not actual accounts that you can sign in with, they are only used to manage your app settings, other accounts, etc. So we implement the Spec for normal user accounts in
The second item under
fixed, thanks @breun
I suggest we simply reference the JSON API query parameters instead of repeating the JSON API spec in our own. I’ve started a PR here: hoodiehq/account-json-api#23 any thoughts?
I think all issues regarding the spec not mentioning query arguments like
@patriciagarcia I’m going and rewording your list to make it simpler to create starter issues out of them. I removed this these
I think if authentication is not needed, it can be simply ignored, no need to throw an error? Maybe there is a test case for that though :)
we already have the
resolves the errors mentioned in #83

* * *

This commit was sponsored by Neighbourhoodie. You can hire Neighbourhoodie for all your Hoodie / CouchDB / Offline First needs http://go.hood.ie/thehoodiefirm
@patriciagarcia hey Pat, I know it’s been a looooooong while, but can you recall why you suggested to "Also remove call to invalid-type-error.js (!)" for
yay finally created issues for all the things that Patricia found :) Took only 8 months but hey ✌️ Thanks again for your great help Patricia 👏
It seems that the current implementation is not completely compatible with the API spec, here is the list of differences I found, for creating follow up issues.
Some things to take into account:
Let me know if there are any questions!

Session

- `PUT /session`
  - `Invalid credentials` instead of `Invalid password`
  - `Invalid password` -> `Invalid credentials`
  - (`utils/invalid-type-errors.js`) the error message to return should be `data.type must be 'session'` instead of `child "data" fails because [child "type" fails because ["type" is required]]`
  - (`utils/invalid-type-errors.js`) the error message to return should be `data.type must be 'session'` instead of `child "data" fails because [child "type" fails because ["type" must be one of [session]]]`
  - (`utils/authorization-header-not-allowed-error.js`) the error message to return should be `Authorization header not allowed` instead of `child "authorization" fails because ["authorization" is not allowed]`
  - `?include=<path>` with any unsupported path should return `400 Bad Request`, we currently return `403 Forbidden`
  - `PUT /session?include=account.profile` `400 Bad Request` as per JSON API spec
- `GET /session`
  - `401, "Authorization header missing"` instead of `403`
  - `401, "Session invalid"` instead of `404`
  - the error to return should be `401, "Session invalid"` instead of `404`
  - `GET /session?include=foobar`, according to JSON API spec this should return `400 Bad Request` instead of `403`
- `DELETE /session`
  - `401, "Authorization header missing"` instead of `403`
  - `401, "Session invalid"` instead of `404`
  - `401, "Session invalid"` instead of `404`
  - `DELETE /session?include=foobar` and test that it returns `400 Bad Request` according to JSON API spec

Account

- `PUT /session/account`
  - `409 Document update conflict`, but should be `409: An account with that username already exists`
  - `data.type must be 'account'` instead of `child "data" fails because [child "type" fails because ["type" is required]]`
  - `data.type must be 'account'`, instead of `child "data" fails because [child "type" fails because ["type" must be one of [account]]]`
  - (`utils/authorization-header-not-allowed-error.js`) the error message to return should be `Authorization header not allowed` instead of `child "authorization" fails because ["authorization" is not allowed]`
  - `PUT /session/account?include=foobar` and test that server responds with `400 Bad Request` as defined in JSON API spec
- `GET /session/account`
  - `401, "Authorization header missing"` if the request misses the authorization header
  - `401, "Session invalid"` instead of `404`
  - `404 "Admins have no accounts"` instead of `403`
  - `GET /session/account?include=foobar` test, server response should be `400 Bad Request` according to JSON API spec
- `PATCH /session/account`
  - `401, "Authorization header missing"` instead of `403`
  - `204` with empty body (!) instead of `201`
  - `401, "Session invalid"` if the session is not valid
  - `PATCH /session/account?include=foobar` and test that server returns `400 Bad Request` as per JSON API spec
- `DELETE /session/account`
  - `401, "Session invalid"` instead of `404`
  - `401, "Authorization header missing"` if the request misses the authorization header
  - `DELETE /session/account?include=foobar` and test that server returns `400 Bad Request` as per JSON API spec

Profile

- `GET /session/account/profile`
  - `401, "Authorization header missing"` if the request misses the authorization header
  - `404 Admins have no accounts` instead of `403`
  - `GET /session/account/profile?include=foobar` and test that server returns `400 Bad Request` as per JSON API spec
- `PATCH /session/account/profile`
  - `204` with empty body (!) instead of `201`
  - `401, "Authorization header missing"` if the request misses the authorization header
  - `404 Admins have no profiles` instead of `403`
  - `PATCH /session/account/profile?include=foobar` and test that server returns `400 Bad Request` as per JSON API spec

Requests

- In all relevant `/requests` routes
  - `<METHOD> /requests?include=foobar` and test that server returns `400 Bad Request` as per JSON API spec
- `POST /requests`
  - `data.type must be 'request'` instead of `child "data" fails because [child "type" fails because ["type" is required]]`
  - `data.type must be 'request'` instead of `child "data" fails because [child "type" fails because ["type" is required]]`

Admins

User account collection

- `POST /accounts`
  - `401, "Authorization header missing"` instead of `403`
  - `401, "Session invalid"` if user is not an admin
  - `401, "Session invalid"` when the session is invalid
  - `data.type must be 'account'` instead of `child "data" fails because [child "type" fails because ["type" is required]]`
  - `data.type must be 'account'`, instead of `child "data" fails because [child "type" fails because ["type" must be one of [account]]]`
  - `POST /accounts?include=foobar` and test that server responds with `400 Bad Request` as defined in JSON API spec
- `GET /accounts`
  - `401, "Authorization header missing"` instead of `403`
  - `401, "Session invalid"` if user is not an admin
  - `401, "Session invalid"` when the session is invalid
  - `GET /accounts?include=foobar` and test that server responds with `400 Bad Request` as defined in JSON API spec
- `GET /accounts/id`
  - `404` when account not found
  - `401, "Authorization header missing"`
  - `401, "Session invalid"` if user is not an admin
  - `401, "Session invalid"` when the session is invalid
  - `GET /accounts/123?include=foobar` and test that server responds with `400 Bad Request` as defined in JSON API spec
- `PATCH /accounts/id`
  - `401, "Authorization header missing"` instead of `403`
  - `401, "Session invalid"`
  - `401, "Session invalid"` if user is not an admin
  - `204` with empty body (!) instead of `201`
  - `data.type` is not `account`, server must respond with `data.type must be 'account'`
  - `404` when account not found
  - `409, "'type' and 'id' provided don't match any existing document"` if `type` and/or `id` in the request are not correct or missing. Also remove call to `invalid-type-error.js` (!)
  - `PATCH /accounts/123?include=foobar` and test that server responds with `400 Bad Request` as defined in JSON API spec
- `DELETE /accounts/id`
  - `401, "Authorization header missing"` instead of `403`
  - `401, "Session invalid"` when the session is invalid (there is a pending test 'CouchDB session invalid')
  - `401, "Session invalid"` if user is not an admin
  - `404` when account not found
  - `DELETE /accounts/123?include=foobar` and test that server responds with `400 Bad Request` as defined in JSON API spec
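As an added example (not Hoodie's own code), a request validator that answers `PUT /session` and `GET /session` with the status codes and messages the list above asks for: one generic `Invalid credentials` message, `401` for a missing header or invalid session, and `400` for an unsupported `?include=` path. The request shape `{ headers, query, body }`, the set of supported include paths, the `authenticate` / `isValidSession` callbacks and the `400`/`401` status values on the message-only items are assumptions.

```javascript
// Added example, not Hoodie's code. Assumed request shape: { headers, query, body }
// with lowercased header names; authenticate / isValidSession are caller-supplied.
const SUPPORTED_INCLUDES = new Set(['account.profile']) // assumed supported path

// JSON API: an unsupported ?include= path is a client error (400), not a permission problem (403)
function checkInclude (query) {
  if (query.include !== undefined && !SUPPORTED_INCLUDES.has(query.include)) {
    return { status: 400, message: 'Bad Request' }
  }
  return null
}

// PUT /session: credentials travel in the body, so an Authorization header is rejected
function validatePutSession (req, authenticate) {
  const includeError = checkInclude(req.query || {})
  if (includeError) return includeError
  if (req.headers.authorization !== undefined) {
    return { status: 400, message: 'Authorization header not allowed' } // status assumed
  }
  const data = (req.body && req.body.data) || {}
  if (data.type !== 'session') {
    // one message covers both "type is required" and "type must be one of [session]"
    return { status: 400, message: "data.type must be 'session'" } // status assumed
  }
  // same message whether the username or the password was wrong
  if (!authenticate(data.attributes || {})) {
    return { status: 401, message: 'Invalid credentials' } // status assumed
  }
  return null // null means the request passed validation
}

// GET /session: the session id comes from the Authorization header
function validateGetSession (req, isValidSession) {
  const includeError = checkInclude(req.query || {})
  if (includeError) return includeError
  const auth = req.headers.authorization
  if (auth === undefined) return { status: 401, message: 'Authorization header missing' }
  if (!isValidSession(auth)) return { status: 401, message: 'Session invalid' }
  return null
}
```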