jump: improve errors on api call (#76278)

2023-04-05 17:35:42 +02:00 · 2023-04-05 17:35:42 +02:00 · ea2b64b602
parent 68ae071267
commit ea2b64b602
2 changed files with 20 additions and 5 deletions
--- a/tests/api/test_workflow.py
+++ b/tests/api/test_workflow.py
@ -79,7 +79,10 @@ def test_workflow_trigger(pub, local_user):

    # verify trigger presence (not-404 response)
    formdata.store()  # reset
-    get_app(pub).get(sign_uri(formdata.get_url() + 'jump/trigger/XXX'), status=403)  # not 404: ok
+    resp = get_app(pub).get(
+        sign_uri(formdata.get_url() + 'jump/trigger/XXX'), headers={'accept': 'application/json'}, status=403
+    )  # not 404: ok
+    assert resp.json['err_desc'] == 'wrong HTTP method (must be POST)'
    assert formdef.data_class().get(formdata.id).status == 'wf-st1'
    get_app(pub).get(sign_uri(formdata.get_url() + 'jump/trigger/ABC'), status=404)
    # jump, and then test trigger is not available
@ -385,8 +388,17 @@ def test_workflow_trigger_http_auth_access(pub, local_user):
    access.store()

    app = get_app(pub)
+    app.set_authorization(('Basic', ('test', 'wrong')))
+    resp = app.post(
+        formdata.get_url() + 'jump/trigger/XXX/', headers={'accept': 'application/json'}, status=403
+    )
+    assert resp.json['err_desc'] == 'user not authenticated'
+
    app.set_authorization(('Basic', ('test', '12345')))
-    app.post(formdata.get_url() + 'jump/trigger/XXX/', status=403)
+    resp = app.post(
+        formdata.get_url() + 'jump/trigger/XXX/', headers={'accept': 'application/json'}, status=403
+    )
+    assert resp.json['err_desc'] == 'unsufficient roles'
    assert formdef.data_class().get(formdata.id).status == 'wf-st1'  # no change

    access.roles = [role]
--- a/wcs/wf/jump.py
+++ b/wcs/wf/jump.py
@ -80,11 +80,14 @@ class TriggerDirectory(Directory):
                if not item.get_target_status():
                    raise errors.PublishError('broken jump / missing target')
                if not get_request().get_method() == 'POST':
-                    raise errors.AccessForbiddenError()
+                    raise errors.AccessForbiddenError('wrong HTTP method (must be POST)')
                if signed_request and not item.by:
                    pass
-                elif not item.check_auth(self.formdata, user):
-                    raise errors.AccessForbiddenError()
+                else:
+                    if not user:
+                        raise errors.AccessForbiddenError('user not authenticated')
+                    if not item.check_auth(self.formdata, user):
+                        raise errors.AccessForbiddenError('unsufficient roles')
                if item.check_condition(self.formdata, trigger=component):
                    workflow_data = None
                    if hasattr(get_request(), '_json'):