a little bit more supportive of an error response for unauthorized methods with auth tokens

2026-04-17 22:24:34 +08:00 · 2017-06-29 15:19:16 -04:00
parent f4048d1121
commit 7e22913eed
2 changed files with 13 additions and 9 deletions
--- a/blockstack_client/rpc.py
+++ b/blockstack_client/rpc.py
@@ -3488,9 +3488,11 @@ class BlockstackAPIEndpointHandler(SimpleHTTPRequestHandler):
            if whitelist_info['name'] not in allowed_methods:
                if os.environ.get("BLOCKSTACK_TEST_NOAUTH_SESSION") != '1':
                    # this method is not allowed
-                    log.info("Unauthorized method call to {}".format(path_info['path']))
-                    return self._send_headers(status_code=403, content_type='text/plain')
-
+                    log.warn("Unauthorized method call to {}".format(path_info['path']))
+                    err = { 'error' :
+                            "Unauthorized method. Requires '{}', you have permissions for {}".format(
+                                whitelist_info['name'], allowed_methods)}
+                    return self._reply_json(err, status_code=403)
                else:
                    log.warning("No-session-authentication environment variable set; skipping...")

@@ -3498,7 +3500,7 @@ class BlockstackAPIEndpointHandler(SimpleHTTPRequestHandler):
            log.debug("Authenticated with session")

        if not authorized:
-            log.info("Failed to authenticate caller")
+            log.warn("Failed to authenticate caller")
            if BLOCKSTACK_TEST:
                log.debug("Session was: {}".format(session))

--- a/integration_tests/blockstack_integration_tests/live_tests/api_tests.py
+++ b/integration_tests/blockstack_integration_tests/live_tests/api_tests.py
@@ -158,6 +158,7 @@ class AuthInternal(APITestCase):
                                headers = auth_header, status_code=200)
        data = self.get_request('/v1/users/muneeb.id',
                                headers = auth_header, status_code=403)
+        self.assertIn('error', data)

    def test_auth_token_no_username(self):
        auth_header = get_auth_header()
@@ -416,7 +417,7 @@ def test_main(args = []):
        print("Failure of the ping test means the rest of the unit tests will " +
              "fail. Is the blockstack api daemon running? (did you run " +
              "`blockstack api start`)")
-        return
+        sys.exit(1)

    if len(args) == 1 and args[0] == "--list":
        print("Tests supported: ")
@@ -447,10 +448,11 @@ def test_main(args = []):
    for test_name in args:
        test_suite.addTest( unittest.TestLoader().loadTestsFromTestCase(test_map[test_name]) )
    result = test_runner( test_suite )
-    if result.wasSuccessful():
-        sys.exit(0)
-    else:
-        sys.exit(1)
+    if result: # test_support.run_unittest returns None
+        if result.wasSuccessful():
+            sys.exit(0)
+        else:
+            sys.exit(1)

 if __name__ == '__main__':
    test_main(sys.argv[1:])