From c12edde9704a2b5d08703eaa9e2362ea280c3553 Mon Sep 17 00:00:00 2001
From: Matt Fox <matt@topleft.team>
Date: Sat, 9 Mar 2024 18:19:07 -0800
Subject: [PATCH] Detect permissions errors in Autotask's HTTP 500 responses

---
 djautotask/__init__.py |  2 +-
 djautotask/api.py      | 34 +++++++++++++++++-----------------
 runtests.py            |  1 +
 3 files changed, 19 insertions(+), 18 deletions(-)

diff --git a/djautotask/__init__.py b/djautotask/__init__.py
index 7623638..9dccdd2 100644
--- a/djautotask/__init__.py
+++ b/djautotask/__init__.py
@@ -1,5 +1,5 @@
 # -*- coding: utf-8 -*-
-VERSION = (1, 5, 4, 'final')
+VERSION = (1, 5, 5, 'final')
 
 # pragma: no cover
 if VERSION[-1] != "final":
diff --git a/djautotask/api.py b/djautotask/api.py
index eceee3d..fb3556b 100644
--- a/djautotask/api.py
+++ b/djautotask/api.py
@@ -350,23 +350,17 @@ def _prepare_error_response(self, response):
         # decode the bytes encoded error to a string
         # error = error.args[0].decode("utf-8")
         error = error.replace('\r\n', '')
-        messages = []
 
         try:
-            error = json.loads(error)
-            stripped_message = error.get('message').rstrip('.') if \
-                error.get('message') else 'No message'
-            primary_error_msg = '{}.'.format(stripped_message)
-            if error.get('errors'):
-                for error_message in error.get('errors'):
-                    messages.append(
-                        '{}.'.format(error_message.rstrip('.'))
-                    )
-
-            messages = ' The error was: '.join(messages)
-
-            msg = '{} {}'.format(primary_error_msg, messages)
-
+            error_json = json.loads(error)
+            error_list = error_json.get('errors', [])
+            if len(error_list) > 1:
+                msg = 'Errors: {}'.format(', '.join(error_list))
+            elif len(error_list) == 1:
+                msg = error_list[0]
+            else:
+                # No errors given
+                msg = 'No error message given.'
         except json.decoder.JSONDecodeError:
             # JSON decoding failed
             msg = 'An error occurred: {} {}'.format(response.status_code,
@@ -516,8 +510,14 @@ def _fetch_resource(endpoint_url, request_retry_counter=None,
                     self._prepare_error_response(response))
             elif response.status_code == 500:
                 self._log_failed(response)
-                raise AutotaskAPIServerError(
-                    self._prepare_error_response(response))
+                msg = self._prepare_error_response(response)
+                if FORBIDDEN_ERROR_MESSAGE in msg:
+                    # Standards, who needs em?
+                    raise AutotaskSecurityPermissionsException(msg)
+                else:
+                    raise AutotaskAPIServerError(
+                        self._prepare_error_response(response)
+                    )
             else:
                 self._log_failed(response)
                 raise AutotaskAPIError(
diff --git a/runtests.py b/runtests.py
index 0b5c94d..4b491b1 100755
--- a/runtests.py
+++ b/runtests.py
@@ -22,6 +22,7 @@
         'django.contrib.auth',
         'django.contrib.sessions',
     ),
+    SECRET_KEY='correct horse battery staple',
     AUTOTASK_SERVER_URL='https://localhost',
     AUTOTASK_CREDENTIALS={
         'username': '',