Return 403 for unauthorized API requests
Also clean up the error handling code and remove the last translatable API error messages
parent
884de9008f
commit
dcbd02cf7f
2 changed files with 10 additions and 15 deletions
|
|
@ -12,33 +12,32 @@ module Api
|
||||||
rescue_from Exception do |e|
|
rescue_from Exception do |e|
|
||||||
logger.error e.message
|
logger.error e.message
|
||||||
logger.error e.backtrace.join("\n")
|
logger.error e.backtrace.join("\n")
|
||||||
render json: error_body(500, e.message), status: :internal_server_error
|
render_error 500, e.message
|
||||||
|
end
|
||||||
|
|
||||||
|
rescue_from Rack::OAuth2::Server::Resource::Bearer::Unauthorized do |e|
|
||||||
|
logger.error e.message
|
||||||
|
render_error 403, e.message
|
||||||
end
|
end
|
||||||
|
|
||||||
rescue_from Rack::OAuth2::Server::Resource::Forbidden do |e|
|
rescue_from Rack::OAuth2::Server::Resource::Forbidden do |e|
|
||||||
logger.error e.message
|
logger.error e.message
|
||||||
render json: error_body(403, e.message), status: :forbidden
|
render_error 403, e.message
|
||||||
end
|
end
|
||||||
|
|
||||||
rescue_from ActiveRecord::RecordNotFound do |e|
|
rescue_from ActiveRecord::RecordNotFound do |e|
|
||||||
logger.error e.message
|
logger.error e.message
|
||||||
message = I18n.t("api.error.not_found")
|
render_error 404, "No record found for the given id"
|
||||||
render json: error_body(404, message), status: :not_found
|
|
||||||
end
|
end
|
||||||
|
|
||||||
rescue_from ActiveRecord::RecordInvalid do |e|
|
rescue_from ActiveRecord::RecordInvalid do |e|
|
||||||
logger.error e.message
|
logger.error e.message
|
||||||
render json: error_body(422, e.to_s), status: :unprocessable_entity
|
render_error 422, e.message
|
||||||
end
|
end
|
||||||
|
|
||||||
rescue_from ActionController::ParameterMissing do |e|
|
rescue_from ActionController::ParameterMissing do |e|
|
||||||
logger.error e.message
|
logger.error e.message
|
||||||
message = I18n.t("api.error.wrong_parameters") + ": " + e.message
|
render_error 422, "Parameters missing or invalid: #{e.message}"
|
||||||
render json: error_body(422, message), status: :unprocessable_entity
|
|
||||||
end
|
|
||||||
|
|
||||||
def error_body(code, message)
|
|
||||||
{code: code, message: message}
|
|
||||||
end
|
end
|
||||||
|
|
||||||
def current_user
|
def current_user
|
||||||
|
|
|
||||||
|
|
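Review bot: The catch-all handler at the top of this hunk still returns the raw exception text to the caller in `render_error 500, e.message`, so an unexpected failure can disclose internals such as SQL fragments, file paths or class names to any API client. The message and backtrace are already logged on the two lines before it, so the response can carry a fixed string instead: `render_error 500, "Internal server error"`. Separately, `rescue_from Exception` is broader than a controller-level handler normally needs, and `rescue_from StandardError` is the usual scope. `render_error` is defined outside this hunk, so the response body and status mapping it produces could not be checked here.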
@ -985,10 +985,6 @@ en:
|
||||||
login_required: "You must first login before you can authorize this application"
|
login_required: "You must first login before you can authorize this application"
|
||||||
could_not_authorize: "The application could not be authorized"
|
could_not_authorize: "The application could not be authorized"
|
||||||
|
|
||||||
error:
|
|
||||||
not_found: "No record found for given id."
|
|
||||||
wrong_parameters: "Some parameters are wrong or missing."
|
|
||||||
|
|
||||||
people:
|
people:
|
||||||
person:
|
person:
|
||||||
thats_you: "That’s you!"
|
thats_you: "That’s you!"
|
||||||
|
|
|
||||||