API: Make the 401 error format consistent #5499
Labels
affects:api
Affects the Ghost API
good first issue
[triage] Start here if you've never contributed before.
At the moment the error returned from the API when you don't provide authentication is in a different format / structure to other error messages from the API.
There's a super easy way to see what I mean and test it using curl and the
authentication/setup
endpoint:The GET and POST requests both return a JSON response in the correct format, GET returns a 200 error with a top level key and some data. POST returns a 403 error with a top level
errors
key an an error object.However the
PUT
request returns a 401 error with an error object without a top level key.There is a rudimentary explanation of the design principles behind the Ghost API over on the wiki which should shed some more light on what is wrong with this response.
The code generating the response is here: https://github.com/TryGhost/Ghost/blob/master/core/server/middleware/middleware.js#L122
And an example of how errors are sent correctly is here: https://github.com/TryGhost/Ghost/blob/master/core/server/middleware/api-error-handlers.js#L12
This should be a straightforward change, but some testing needs to be done to ensure it gets handled properly by the ember admin application.
The text was updated successfully, but these errors were encountered: