
Fix: Proper HTTP Status Code Usage for Authentication and Authorization Errors #9463

Merged

Conversation

yadavshubham01
Contributor

This PR ensures the correct usage of HTTP status codes (401 Unauthorized and 403 Forbidden) for authentication and authorization errors, aligning with standard HTTP semantics. The changes impact the handling of AuthException across the application.

Changes Implemented

1. Updated Exception Handling Logic:
   - 401 Unauthorized: Now used for cases where the user is unauthenticated (e.g., missing JWT, expired JWT, invalid credentials).
   - 403 Forbidden: Used strictly for cases where the user is authenticated but lacks the required permissions.

2. Affected Files:
   Before: [screenshot: Screenshot 2025-01-04 184617]
   After: [screenshot: image]

3. Frontend Impact:
   - Verified frontend token renewal and error-handling flows.
   - Updated logic for handling 401 responses to trigger re-authentication (e.g., token refresh or redirect to login).

4. Issue Resolved: #9347
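The 401/403 split and the client-side re-authentication flow described in the PR, as an added TypeScript example; it is not code from the twenty repository or from this PR, and the AuthFailure kinds, the demoServer helper and its token values are constructed for illustration.

```typescript
// Added example (not from the twenty code base). Server side: map the kind of
// authentication/authorization failure to the HTTP status the PR prescribes.
type AuthFailure =
  | "MISSING_TOKEN"
  | "EXPIRED_TOKEN"
  | "INVALID_CREDENTIALS"
  | "INSUFFICIENT_PERMISSIONS";

export function statusForAuthFailure(kind: AuthFailure): 401 | 403 {
  // 401: the request carries no valid proof of identity, so the client may
  //      re-authenticate (refresh the token or redirect to login).
  // 403: identity is established but the principal lacks permission, so
  //      re-authenticating cannot help and must not be attempted.
  return kind === "INSUFFICIENT_PERMISSIONS" ? 403 : 401;
}

interface HttpReply { status: number; body?: string }
type Fetcher = (token: string | null) => HttpReply;
type Refresher = () => string | null; // new access token, or null if refresh failed
export interface Outcome { status: number; refreshed: boolean; loggedOut: boolean }

// Client side: retry exactly once after a 401, never after a 403. A 403 is a
// permission decision, not a session problem, so refreshing on it would only
// create a refresh loop that hides the real error from the user.
export function requestWithReauth(fetcher: Fetcher, refresher: Refresher, token: string | null): Outcome {
  const first = fetcher(token);
  if (first.status !== 401) {
    return { status: first.status, refreshed: false, loggedOut: false };
  }
  const newToken = refresher();
  if (newToken === null) {
    // Refresh token is gone too: the only safe option is to send the user to login.
    return { status: 401, refreshed: false, loggedOut: true };
  }
  const second = fetcher(newToken);
  // A second 401 means the session is really over; do not loop.
  return { status: second.status, refreshed: true, loggedOut: second.status === 401 };
}

// Constructed stand-in for the API: `valid` are tokens that authenticate,
// `permitted` the subset allowed to perform the requested action.
export function demoServer(valid: Set<string>, permitted: Set<string>): Fetcher {
  return (token) => {
    if (token === null) return { status: statusForAuthFailure("MISSING_TOKEN") };
    if (!valid.has(token)) return { status: statusForAuthFailure("EXPIRED_TOKEN") };
    if (!permitted.has(token)) return { status: statusForAuthFailure("INSUFFICIENT_PERMISSIONS") };
    return { status: 200, body: "ok" };
  };
}
```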

@yadavshubham01
Contributor Author

Hey @FelixMalfait, preview this pull request.

@prastoin
Contributor

prastoin commented Jan 8, 2025

Hello @yadavshubham01, your PR description says

Updated logic for handling 401 responses to trigger re-authentication (e.g., token refresh or redirect to login).

But unless I'm mistaken, I can't find any diff on the front package? Maybe an oversight?
Please let me know.

@charlesBochet
Member

I have tested the PR locally with short access token and refresh token expirations and the FE is still behaving as expected.
Merging this one, thank you @yadavshubham01

@charlesBochet charlesBochet merged commit 09513b6 into twentyhq:main Jan 8, 2025
21 checks passed

github-actions bot commented Jan 8, 2025

Fails
🚫

node failed.

Log

Error: SyntaxError: Unexpected token C in JSON at position 0
    at JSON.parse (<anonymous>)
    at parseJSONFromBytes (node:internal/deps/undici/undici:5584:19)
    at successSteps (node:internal/deps/undici/undici:5555:27)
    at fullyReadBody (node:internal/deps/undici/undici:1665:9)
    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
    at async specConsumeBody (node:internal/deps/undici/undici:5564:7)
danger-results://tmp/danger-results-07531200.json

Generated by 🚫 dangerJS against d5547e4

Successfully merging this pull request may close these issues.

Incorrect 401 vs 403 error codes