DataONEorg / bookkeeper

Bookkeeper keeps track of DataONE product subscriptions and quotas for researchers using the extended services.

Review use of Http 417 status code #48

Open gothub opened 4 years ago

gothub commented 4 years ago

Several of the bookkeeper services return Http status 417 (Expectation Failed), which isn't consistent with the error that occurred.

Consider using one of these Http status codes:

Here is a sample request/response:

GET /bookkeeper/v1/quotas?quotaType=portal&subscribers=foo&requestor=http://orcid.org/0000-0002-2192-403X HTTP/1.1

{"code":417,"message":"The requested quotas couldn't be listed: http://orcid.org/0000-0002-2192-403X requested subscribers that don't exist or requestor doesn't have privilege to view them."}

For this case, where there was not an internal error (e.g. no SQL Error), status 404 seems the most appropriate.

In other instances, 417 is returned if any exception is thrown. In these cases, 500 may be more appropriate.

gothub commented 4 years ago

Changed 417 status codes to 500 in commit ede0e8883026fbbe4338abb7993ff2de2b5e528f

taojing2002 commented 4 years ago

Hi @gothub, when I ran this command which includes a non-existent subscriber CN=opc-1,DC=dataone,DC=org:

curl -H "X-DataONE-Subscriber: CN=opc-1,DC=dataone,DC=org" -H "Authorization: Bearer ${token}" -F "object=@portal.xml" -F "sysmeta=@sysmeta-portal.xml" -F "pid=jing.27.1" -X POST https://mn-stage-ucsb-2.test.dataone.org/metacat/d1/mn/v2/object/

Bookkeeper returned 403 (forbidden) rather than 404.

{"code":403,"message":"The requested subscribers don't exist or requestor doesn't have privilege to view them."}