New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support failed authentication, too #36

Open

SchulteMarkus opened this issue Mar 5, 2020 · 1 comment

Labels

Contributor

SchulteMarkus commented Mar 5, 2020

This extension supports responding with a "problem"

if an authentication if required, but not given, see UnauthorizedExceptionMapper
if a valid authentication is given, but role is forbidden to access the requested resource, see ForbiddenExceptionMapper

There is one more case:

A resource requires authentication, an authentication is given, but invalid.
Imagine one more test in TestResourceIT:

@QuarkusTest
public class TestResourceIT {

   ...

  @Test
  void restrictedAuthenticationInvalid() {
    given()
        .auth()
        .preemptive()
        .basic("scott", "wrongpass")
        .when()
        .get("/test/restricted")
        .then()
        .statusCode(UNAUTHORIZED.getStatusCode())
        .body("status", is(UNAUTHORIZED.getStatusCode()));
  }

For time being, this extension seems not to catch this case, an empty body (401 HTTP status code) is being returned.

Feature request
Please add to this extension, that if a given authentication is invalid, a valid API "problem" will be returned.

SchulteMarkus added the enhancement label

Contributor

CrystalMethod commented Mar 10, 2020

I've noticed that too. I'm gonna go check it out.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment