Merge pull request #216 from KerkhoffTechnologies/3365-test-api-membe…

…r-permissions Detect permissions errors in Autotask's HTTP 500 responses
KerkhoffTechnologies · Mar 11, 2024 · 3d251ac · 3d251ac
2 parents d821e93 + c12edde
commit 3d251ac
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 18 deletions.
diff --git a/djautotask/__init__.py b/djautotask/__init__.py
@@ -1,5 +1,5 @@
 # -*- coding: utf-8 -*-
-VERSION = (1, 5, 4, 'final')
+VERSION = (1, 5, 5, 'final')
 
 # pragma: no cover
 if VERSION[-1] != "final":

diff --git a/djautotask/api.py b/djautotask/api.py
@@ -350,23 +350,17 @@ def _prepare_error_response(self, response):
         # decode the bytes encoded error to a string
         # error = error.args[0].decode("utf-8")
         error = error.replace('\r\n', '')
-        messages = []
 
         try:
-            error = json.loads(error)
-            stripped_message = error.get('message').rstrip('.') if \
-                error.get('message') else 'No message'
-            primary_error_msg = '{}.'.format(stripped_message)
-            if error.get('errors'):
-                for error_message in error.get('errors'):
-                    messages.append(
-                        '{}.'.format(error_message.rstrip('.'))
-                    )
-
-            messages = ' The error was: '.join(messages)
-
-            msg = '{} {}'.format(primary_error_msg, messages)
-
+            error_json = json.loads(error)
+            error_list = error_json.get('errors', [])
+            if len(error_list) > 1:
+                msg = 'Errors: {}'.format(', '.join(error_list))
+            elif len(error_list) == 1:
+                msg = error_list[0]
+            else:
+                # No errors given
+                msg = 'No error message given.'
         except json.decoder.JSONDecodeError:
             # JSON decoding failed
             msg = 'An error occurred: {} {}'.format(response.status_code,
@@ -516,8 +510,14 @@ def _fetch_resource(endpoint_url, request_retry_counter=None,
                     self._prepare_error_response(response))
             elif response.status_code == 500:
                 self._log_failed(response)
-                raise AutotaskAPIServerError(
-                    self._prepare_error_response(response))
+                msg = self._prepare_error_response(response)
+                if FORBIDDEN_ERROR_MESSAGE in msg:
+                    # Standards, who needs em?
+                    raise AutotaskSecurityPermissionsException(msg)
+                else:
+                    raise AutotaskAPIServerError(
+                        self._prepare_error_response(response)
+                    )
             else:
                 self._log_failed(response)
                 raise AutotaskAPIError(

diff --git a/runtests.py b/runtests.py
@@ -22,6 +22,7 @@
         'django.contrib.auth',
         'django.contrib.sessions',
     ),
+    SECRET_KEY='correct horse battery staple',
     AUTOTASK_SERVER_URL='https://localhost',
     AUTOTASK_CREDENTIALS={
         'username': '',