mmerickel
commented
12 years ago So I sort of feel like this falls outside of the scope of pyramid_rpc. There are two possible solutions here:
- I update pyramid_rpc to catch Forbidden exceptions and translate it to a pyramid_rpc-specific error message in the range of -32099 to -32000. It would fall into this range because the json-rpc specification doesn't say anything about security or related error codes.
- You can catch the Forbidden exception yourself and return whatever you like. There are several ways to do that, but here's what I would recommend:
@view_config(context=HTTPForbidden, route_name='jsonrpc', renderer='json')
def jsonrpc_forbidden_view(request):
return {
'jsonrpc': '2.0',
'id': request.rpc_id,
'error': {
code=401,
message='Unauthorized',
},
}To clarify, this should work because pyramid_rpc itself registers a similar view to handle all errors of type Exception, but since this one is a more specific type of exception, it will override that view and win in the case of an HTTPForbidden exception.
jwashin
I want to have my pyjamas (json-rpc) client display a login dialog as a response to Forbidden.
Currently (git head), Forbidden is returned as JsonRpcRequestInvalid.
Invalid Request is defined in the JSON-RPC 2.0 spec http://jsonrpc.org/spec.html : The JSON sent is not a valid Request object.
Forbidden needs to be distinguished from Invalid Request.
I believe that, since the JSON-RPC spec requires a json-rpc response, the proper response would be a jsonrpc_error_response with an error code of 401, with message "Unauthorized".