Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

403 for unknown user type is missing errors in error details #1491

Closed
oskogstad opened this issue Nov 19, 2024 · 1 comment
Closed

403 for unknown user type is missing errors in error details #1491

oskogstad opened this issue Nov 19, 2024 · 1 comment
Assignees
Labels
bug Something isn't working

Comments

@oskogstad
Copy link
Collaborator

Reproduction

Call the service owner API with a valid token, but with no scopes.

Expected behavior

403, with error details that contains the custom message about being unable to determine user type

Actual behavior

403 + response body, but errors array with custom message is missing

@oskogstad oskogstad added the bug Something isn't working label Nov 19, 2024
oskogstad added a commit that referenced this issue Nov 19, 2024
<!--- Provide a general summary of your changes in the Title above -->

## Description

<!--- Describe your changes in detail -->
Errors list is missing in error details when user type is unknown

## Related Issue(s)

- #1491 

## Verification

- [x] **Your** code builds clean without any errors or warnings
- [x] Manual testing done (required)
- [ ] Relevant automated test added (if you find this hard, leave it and
we'll help out)

## Documentation

- [ ] Documentation is updated (either in `docs`-directory, Altinnpedia
or a separate linked PR in
[altinn-studio-docs.](https://github.com/Altinn/altinn-studio-docs), if
applicable)


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

- **Bug Fixes**
- Improved handling of unknown user types in the authentication
middleware, ensuring clearer response management.
  
- **Refactor**
- Enhanced code clarity by separating response retrieval and writing
processes in the user type validation logic.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
@oskogstad oskogstad self-assigned this Nov 19, 2024
@LeifHelstad
Copy link

LeifHelstad commented Nov 22, 2024

Test:

Jeg har forsøkt å gjenskape tilfellet, men dette er etter litt undersøkelser med Ole Jørgen ikke en situasjon som kan oppstå nå.
Rettelsen (har kikket på koden) er kun en armering om det skulle finnes ukjente veier hit.

Veier litt på om teststatus er NA fordi den dynamisk ikke kan testes, eller om den er Passed fordi den på mange måter er verifisert via inspeksjon. Jeg velger det siste.

image

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
Development

No branches or pull requests

3 participants