Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Better HTTP error codes #250

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Better HTTP error codes #250

wants to merge 1 commit into from
+3 −3

Conversation

machadoug
Copy link

It's better to use 401 for lack of permission and 409 if the user already exists
https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/401
https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/409

aspcanada
aspcanada reviewed Apr 27, 2021
View reviewed changes
{{cookiecutter.project_slug}}/backend/app/app/api/api_v1/endpoints/users.py
@@ -127,7 +127,7 @@ def read_user_by_id(
return user
if not crud.user.is_superuser(current_user):
raise HTTPException(
status_code=400, detail="The user doesn't have enough privileges"
status_code=401, detail="The user doesn't have enough privileges"
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This should be a 403

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@machadoug Can you change it?

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

agree, it should be a 403

@menkotoglou
Copy link

Seems like a stale PR. Could that be closed now?

@codespearhead
Copy link

codespearhead commented May 10, 2024
edited

This branch is way behind main and OP hasn't acted on the suggestions, but the problem still persists:

Should be status_code=409

full-stack-fastapi-template/backend/app/api/routes/users.py

Lines 58 to 62 in a7f4d7d

if user:
raise HTTPException(
status_code=400,
detail="The user with this email already exists in the system.",
)

Should be status_code=409

full-stack-fastapi-template/backend/app/api/routes/users.py

Lines 154 to 158 in a7f4d7d

if user:
raise HTTPException(
status_code=400,
detail="The user with this email already exists in the system",
)

Should be `status_code=403 (fixed in 541dd75)

full-stack-fastapi-template/backend/app/api/routes/users.py

Lines 174 to 178 in a7f4d7d

if not current_user.is_superuser:
raise HTTPException(
status_code=403,
detail="The user doesn't have enough privileges",
)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@miaohf miaohf miaohf left review comments

@aspcanada aspcanada aspcanada left review comments

@codespearhead codespearhead codespearhead left review comments

Assignees
No one assigned
Labels
investigate
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
6 participants
@machadoug @menkotoglou @codespearhead @miaohf @aspcanada @tiangolo