Course creation: validation errors return to unauthorized user #41

Open
plushkinaaa opened this issue Jun 25, 2022 · 1 comment
Labels
question Further information is requested

Comments

@plushkinaaa

Steps to reproduce

  1. Send a POST request to http://qa-school-test.quantori.academy/api/v1/courses without a body

Actual behavior

{
    "errors": [
        {
            "msg": "Please send required fields: title,categoryId",
            "param": "title",
            "location": "body"
        },
        {
            "msg": "Please send required fields: title,categoryId",
            "param": "categoryId",
            "location": "body"
        },
        {
            "msg": "Parameter should be a string",
            "param": "title",
            "location": "body"
        },
        {
            "msg": "Minimum course title length is: 3",
            "param": "title",
            "location": "body"
        },
        {
            "msg": "You are not allowed to use spaces only",
            "param": "title",
            "location": "body"
        },
        {
            "msg": "Parameter should be a string",
            "param": "description",
            "location": "body"
        },
        {
            "msg": "Minimum course description length is: 3",
            "param": "description",
            "location": "body"
        },
        {
            "msg": "Parameter should be boolean",
            "param": "visible",
            "location": "body"
        },
        {
            "msg": "Parameter should be numeric",
            "param": "categoryId",
            "location": "body"
        },
        {
            "msg": "Unable to find category record(s)",
            "param": "categoryId",
            "location": "body"
        }
    ]
}

Expected behavior

{
    "errors": "Unauthorized"
}

@viraxslot
Owner

@plushkinaaa endpoint checks are organized in this way:

  1. Check the request body (apply validations)
  2. Check the JWT (authenticated or not)
  3. Check permissions (forbidden or not)

So it's the expected error.
Why do you think we need to check the token first?
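
The check ordering discussed in this thread, as an added example that is not the project's code: a small JavaScript pipeline runs the same three checks in both orders against a request with no token and no body, showing what an unauthenticated caller receives in each case. The status codes, token values, role names and the reduced validation rules are assumptions made for the illustration.

```javascript
// Added illustration: a minimal middleware pipeline, not the project's code.
// Each check returns null to continue, or {status, body} to stop the request.

// Constructed stand-in for the body validation shown in the issue (reduced to three rules).
function validateBody(req) {
  const errors = [];
  const body = req.body || {};
  for (const param of ['title', 'categoryId']) {
    if (body[param] === undefined) {
      errors.push({ msg: 'Please send required fields: title,categoryId', param, location: 'body' });
    }
  }
  if (typeof body.title !== 'string') {
    errors.push({ msg: 'Parameter should be a string', param: 'title', location: 'body' });
  }
  return errors.length ? { status: 400, body: { errors } } : null;
}

// Hypothetical token check: a real service would verify the JWT signature and expiry.
const KNOWN_TOKENS = new Map([
  ['constructed-teacher-token', { role: 'teacher' }],
  ['constructed-student-token', { role: 'student' }],
]);
function authenticate(req) {
  const header = (req.headers || {}).authorization || '';
  const user = KNOWN_TOKENS.get(header.replace(/^Bearer /, ''));
  if (!user) return { status: 401, body: { errors: 'Unauthorized' } };
  req.user = user;
  return null;
}

// Hypothetical permission rule: only teachers may create courses.
function authorize(req) {
  return req.user && req.user.role === 'teacher' ? null : { status: 403, body: { errors: 'Forbidden' } };
}

// Run the checks in order and stop at the first one that rejects the request.
function handle(checks, req) {
  for (const check of checks) {
    const result = check(req);
    if (result) return result;
  }
  return { status: 201, body: { created: true } };
}

const validationFirst = [validateBody, authenticate, authorize]; // order described in the thread
const authFirst = [authenticate, authorize, validateBody];       // order the reporter expected
console.log(handle(validationFirst, { headers: {} })); // constructed request: no token, no body
console.log(handle(authFirst, { headers: {} }));
```

With validation first, the anonymous request gets the field names and constraints back; with authentication first, it gets only the "Unauthorized" response and validation detail is reserved for callers who passed the token and permission checks.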
