From 49d5ad7b3c24fc9c9847b473fda370398e3c7e38 Mon Sep 17 00:00:00 2001
From: Mani Chandra <84711804+ThisIsMani@users.noreply.github.com>
Date: Sat, 17 Jun 2023 13:06:26 +0530
Subject: [PATCH] feat: add new error response for 403 (#1330)

Co-authored-by: harsh_sharma_juspay
Co-authored-by: Sampras Lopes
---
 crates/router/src/compatibility/stripe/errors.rs | 1 +
 .../router/src/core/errors/api_error_response.rs | 6 +++++-
 crates/router/src/services/authentication.rs | 15 +--------------
 3 files changed, 7 insertions(+), 15 deletions(-)

diff --git a/crates/router/src/compatibility/stripe/errors.rs b/crates/router/src/compatibility/stripe/errors.rs
index bb0fe46b7e..00460d4cce 100644
--- a/crates/router/src/compatibility/stripe/errors.rs
+++ b/crates/router/src/compatibility/stripe/errors.rs
@@ -367,6 +367,7 @@ impl From for StripeErrorCode {
 errors::ApiErrorResponse::Unauthorized
 | errors::ApiErrorResponse::InvalidJwtToken
 | errors::ApiErrorResponse::GenericUnauthorized { .. }
+ | errors::ApiErrorResponse::AccessForbidden
 | errors::ApiErrorResponse::InvalidEphemeralKey => Self::Unauthorized,
 errors::ApiErrorResponse::InvalidRequestUrl
 | errors::ApiErrorResponse::InvalidHttpMethod
diff --git a/crates/router/src/core/errors/api_error_response.rs b/crates/router/src/core/errors/api_error_response.rs
index cd637e96c4..9387719d36 100644
--- a/crates/router/src/core/errors/api_error_response.rs
+++ b/crates/router/src/core/errors/api_error_response.rs
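Review bot: `AccessForbidden` is folded into the `Self::Unauthorized` arm next to the 401 cases, so the Stripe-compatible surface reports what the core maps to 403 elsewhere in this patch as an authentication failure; clients that distinguish "retry with credentials" from "not permitted" cannot tell the two apart, and any metrics or alerting keyed on the compat error code lose the same distinction. If `StripeErrorCode` has a permission or forbidden variant, map `AccessForbidden` there instead; if it deliberately has none, add `// authz failure: the compat layer collapses 403 into 401` on the new arm so the downgrade reads as intentional rather than accidental. The enclosing `From` impl and its match continue outside the hunk.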
@@ -89,6 +89,8 @@ pub enum ApiErrorResponse {
 FlowNotSupported { flow: String, connector: String },
 #[error(error_type = ErrorType::InvalidRequestError, code = "IR_21", message = "Missing required params")]
 MissingRequiredFields { field_names: Vec<&'static str> },
+ #[error(error_type = ErrorType::InvalidRequestError, code = "IR_22", message = "Access forbidden. Not authorized to access this resource")]
+ AccessForbidden,
 #[error(error_type = ErrorType::ConnectorError, code = "CE_00", message = "{code}: {message}", ignore = "status_code")]
 ExternalConnectorError {
 code: String,
@@ -243,8 +245,9 @@ impl actix_web::ResponseError for ApiErrorResponse {
 Self::ExternalConnectorError { status_code, .. } => {
 StatusCode::from_u16(*status_code).unwrap_or(StatusCode::INTERNAL_SERVER_ERROR)
 }
+ Self::AccessForbidden => StatusCode::FORBIDDEN, // 403
 Self::InvalidRequestUrl | Self::WebhookResourceNotFound => StatusCode::NOT_FOUND, // 404
- Self::InvalidHttpMethod => StatusCode::METHOD_NOT_ALLOWED, // 405
+ Self::InvalidHttpMethod => StatusCode::METHOD_NOT_ALLOWED, // 405
 Self::MissingRequiredField { .. }
 | Self::MissingRequiredFields { .. }
 | Self::InvalidDataValue { .. }
@@ -415,6 +418,7 @@ impl common_utils::errors::ErrorSwitch
 AER::BadRequest(
 ApiError::new("IR", 21, "Missing required params".to_string(), Some(Extra {data: Some(serde_json::json!(field_names)), ..Default::default() })),
 ),
+ Self::AccessForbidden => AER::ForbiddenCommonResource(ApiError::new("IR", 22, "Access forbidden. Not authorized to access this resource", None)),
 Self::ExternalConnectorError {
 code,
 message,
diff --git a/crates/router/src/services/authentication.rs b/crates/router/src/services/authentication.rs
index 88680aece5..d6e9350e0f 100644
--- a/crates/router/src/services/authentication.rs
+++ b/crates/router/src/services/authentication.rs
@@ -241,7 +241,7 @@ where
 }
 
 #[derive(Debug)]
-pub struct JWTAuth;
+pub(crate) struct JWTAuth;
 
 #[derive(serde::Deserialize)]
 struct JwtAuthPayloadFetchUnit {
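Review bot: The new variant is tagged `ErrorType::InvalidRequestError` with an `IR_` code even though it represents an authorization failure rather than a malformed request, which puts it in a different category from the other auth-related variants; if `ErrorType` has an authentication/authorization category (the enum is not visible from here), that would be the consistent choice — confirm how `Unauthorized` is tagged before settling on `IR_22`. The variant also carries no doc comment; the neighbouring variants do not either, but this one's meaning (403 versus 401) is easy to misuse at call sites, so I would add `/// Caller is authenticated but not permitted to access the requested resource (HTTP 403).` above the new `#[error(...)]` attribute. The `ApiErrorResponse` enum continues outside the hunk.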
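Review bot: The `-`/`+` pair on the `Self::InvalidHttpMethod` arm is identical as far as the diff shows, so it looks like a whitespace-only edit (trailing space or re-indentation) unrelated to the 403 feature; it adds blame noise to the status-mapping table and is better dropped from this commit or moved to a formatting-only change. The new `Self::AccessForbidden => StatusCode::FORBIDDEN, // 403` arm itself is correct and sits in ascending status order ahead of the 404 and 405 arms. The status-code match continues outside the hunk.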
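Review bot: The code and message in `ApiError::new("IR", 22, "Access forbidden. Not authorized to access this resource", None)` are restated verbatim from the `#[error(...)]` attribute on the variant, so the `ResponseError` path and this `ErrorSwitch` path will silently disagree if one is edited without the other; the neighbouring IR_21 arm has the same duplication, so this follows the file's pattern, but a shared `const` for the message text would remove the drift risk for the new arm. Note also that this arm passes the message as a `&str` while the IR_21 arm passes `"Missing required params".to_string()`; presumably `ApiError::new` accepts both, but adjacent arms should use one form. The `ErrorSwitch` impl's match continues outside the hunk.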
@@ -315,19 +315,6 @@ impl ClientSecretFetch for api_models::cards_info::CardsInfoRequest {
 }
 }
 
-pub fn jwt_auth_or<'a, T: AuthInfo, A: AppStateInfo>(
- default_auth: &'a dyn AuthenticateAndFetch,
- headers: &HeaderMap,
-) -> Box<&'a dyn AuthenticateAndFetch>
-where
- JWTAuth: AuthenticateAndFetch,
-{
- if is_jwt_auth(headers) {
- return Box::new(&JWTAuth);
- }
- Box::new(default_auth)
-}
-
 pub fn get_auth_type_and_flow(
 headers: &HeaderMap,
 ) -> RouterResult<(