Merge pull request #23 from vitekkor/#22_fix-http-status-on-auth-failure

vitekkor · web-flow · commit fbe1ef1e324d · 2022-12-06T22:08:43.000+03:00
Resolves #22: return Http status 401 instead of 403 on authorization failure
diff --git a/src/main/kotlin/com/vitekkor/frogapi/controller/ApiController.kt b/src/main/kotlin/com/vitekkor/frogapi/controller/ApiController.kt
@@ -32,7 +32,7 @@ class ApiController(
     ) = withContext(Dispatchers.IO) {
         logger.info("Incoming frog request with token $token")
         val tokenFromDB = tokenService.getToken(token) ?: kotlin.run {
-            httpServletResponse.status = 403
+            httpServletResponse.status = 401
             return@withContext
         }
         tokenFromDB.requests++
@@ -60,7 +60,7 @@ class ApiController(
             userRepository.findOneByEmail(email)
         }
         if (user == null || user.password != password.encodeBase64()) {
-            return ResponseEntity.status(HttpStatus.FORBIDDEN).build()
+            return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build()
         }
         val newToken = tokenService.generateToken(user)
         tokenService.saveToken(newToken)

Original file line number	Diff line number	Diff line change
`@@ -32,7 +32,7 @@ class ApiController(`
`32`	`32`	`) = withContext(Dispatchers.IO) {`
`33`	`33`	`logger.info("Incoming frog request with token $token")`
`34`	`34`	`val tokenFromDB = tokenService.getToken(token) ?: kotlin.run {`
`35`		`- httpServletResponse.status = 403`
	`35`	`+ httpServletResponse.status = 401`
`36`	`36`	`return@withContext`
`37`	`37`	`}`
`38`	`38`	`tokenFromDB.requests++`
`@@ -60,7 +60,7 @@ class ApiController(`
`60`	`60`	`userRepository.findOneByEmail(email)`
`61`	`61`	`}`
`62`	`62`	`if (user == null \|\| user.password != password.encodeBase64()) {`
`63`		`- return ResponseEntity.status(HttpStatus.FORBIDDEN).build()`
	`63`	`+ return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build()`
`64`	`64`	`}`
`65`	`65`	`val newToken = tokenService.generateToken(user)`
`66`	`66`	`tokenService.saveToken(newToken)`