add clarifying error message for token error vs authorization error

youngbryanyu · Feb 29, 2024 · e6fb35c · e6fb35c
1 parent 5fda654
commit e6fb35c
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 12 deletions.
diff --git a/backend/src/features/auth/constants.ts b/backend/src/features/auth/constants.ts
@@ -9,5 +9,6 @@ export enum AuthHeaders {
 }
 
 export enum AuthResponseMessages {
-  _401_Unauthorized = "You are not authenticated with a valid access token or aren't authorized to access this resource."
+  _401_InvalidToken = 'You are not authenticated with a valid access token',
+  _401_NoAccess = "You aren't authorized to access this resource"
 }
diff --git a/backend/src/features/auth/controllers/authController.ts b/backend/src/features/auth/controllers/authController.ts
@@ -16,7 +16,7 @@ class AuthController {
     /* Check if headers contains bearer schema */
     if (!req.headers.authorization || !req.headers.authorization.startsWith('Bearer ')) {
       res.status(401).json({
-        message: AuthResponseMessages._401_Unauthorized
+        message: AuthResponseMessages._401_InvalidToken
       });
       return;
     }
@@ -35,7 +35,7 @@ class AuthController {
       next();
     } catch (error) {
       res.status(401).json({
-        message: AuthResponseMessages._401_Unauthorized
+        message: AuthResponseMessages._401_InvalidToken
       });
       return;
     }
@@ -61,23 +61,23 @@ class AuthController {
     /* Check if decrypted token's UID is undefined */
     if (tokenUid === undefined) {
       res.status(401).json({
-        message: AuthResponseMessages._401_Unauthorized
+        message: AuthResponseMessages._401_NoAccess
       });
       return;
     }
 
     /* Check if `userId` is in body */
     if (req.body.userId !== undefined && tokenUid !== req.body.userId) {
       res.status(401).json({
-        message: AuthResponseMessages._401_Unauthorized
+        message: AuthResponseMessages._401_NoAccess
       });
       return;
     }
 
     /* Check if `userId` is in path params */
     if (req.params.userId !== undefined && tokenUid !== req.params.userId) {
       res.status(401).json({
-        message: AuthResponseMessages._401_Unauthorized
+        message: AuthResponseMessages._401_NoAccess
       });
       return;
     }

diff --git a/backend/tests/features/auth/authControllers.test.ts b/backend/tests/features/auth/authControllers.test.ts
@@ -50,7 +50,7 @@ describe('AuthController Tests', () => {
 
       /* Test against expected */
       expect(response.statusCode).toBe(401);
-      expect(response._getJSONData().message).toBe(AuthResponseMessages._401_Unauthorized);
+      expect(response._getJSONData().message).toBe(AuthResponseMessages._401_InvalidToken);
       expect(TestController.testFunction).not.toHaveBeenCalled();
     });
 
@@ -68,7 +68,7 @@ describe('AuthController Tests', () => {
 
       /* Test against expected */
       expect(response.statusCode).toBe(401);
-      expect(response._getJSONData().message).toBe(AuthResponseMessages._401_Unauthorized);
+      expect(response._getJSONData().message).toBe(AuthResponseMessages._401_InvalidToken);
       expect(TestController.testFunction).not.toHaveBeenCalled();
     });
 
@@ -109,7 +109,7 @@ describe('AuthController Tests', () => {
 
       /* Test against expected */
       expect(response.statusCode).toBe(401);
-      expect(response._getJSONData().message).toBe(AuthResponseMessages._401_Unauthorized);
+      expect(response._getJSONData().message).toBe(AuthResponseMessages._401_InvalidToken);
       expect(TestController.testFunction).not.toHaveBeenCalled();
     });
   });
@@ -129,7 +129,7 @@ describe('AuthController Tests', () => {
 
       /* Test against expected */
       expect(response.statusCode).toBe(401);
-      expect(response._getJSONData().message).toBe(AuthResponseMessages._401_Unauthorized);
+      expect(response._getJSONData().message).toBe(AuthResponseMessages._401_NoAccess);
       expect(TestController.testFunction).not.toHaveBeenCalled();
     });
 
@@ -148,7 +148,7 @@ describe('AuthController Tests', () => {
 
       /* Test against expected */
       expect(response.statusCode).toBe(401);
-      expect(response._getJSONData().message).toBe(AuthResponseMessages._401_Unauthorized);
+      expect(response._getJSONData().message).toBe(AuthResponseMessages._401_NoAccess);
       expect(TestController.testFunction).not.toHaveBeenCalled();
     });
 
@@ -167,7 +167,7 @@ describe('AuthController Tests', () => {
 
       /* Test against expected */
       expect(response.statusCode).toBe(401);
-      expect(response._getJSONData().message).toBe(AuthResponseMessages._401_Unauthorized);
+      expect(response._getJSONData().message).toBe(AuthResponseMessages._401_NoAccess);
       expect(TestController.testFunction).not.toHaveBeenCalled();
     });