balanced / balanced-ruby

Balanced API library in ruby.
MIT License

Searching Customers by email when unauthorized returns nil instead of 403 #110

Closed rpearce closed 11 years ago

rpearce commented 11 years ago

Code: Balanced::Customer.find(:first, email: 'user@email.com')

As a Balanced client
Given I have not executed Balanced.configure "#{MY SECRET KEY}"
When I search for a customer via email
I should receive a 403 (Forbidden) error

mahmoudimus commented 11 years ago

@rpearce - woah, thanks for reporting. I'll fix. Thanks for the cucumber? test as well!

mjallday commented 11 years ago

```
2.0.0p0 :001 > require 'balanced'
 => true 
2.0.0p0 :002 > Balanced::Customer.find(:first, email: 'marshall@balancedpayments.com')
Balanced::Unauthorized: Balanced::Unauthorized(401)::Unauthorized:: GET https://api.balancedpayments.com/v1/customers?email=marshall%40balancedpayments.com: authentication-required: Not permitted to perform index on customers. Your request id is OHM1ef127cef54311e2a075026ba7cac9da. 
    from /Users/marshall/.rvm/gems/ruby-2.0.0-p0/gems/balanced-0.7.2/lib/balanced/response/balanced_exception_middleware.rb:41:in `on_complete'
    from /Users/marshall/.rvm/gems/ruby-2.0.0-p0/gems/faraday-0.8.7/lib/faraday/response.rb:9:in `block in call'
    from /Users/marshall/.rvm/gems/ruby-2.0.0-p0/gems/faraday-0.8.7/lib/faraday/response.rb:63:in `on_complete'
    from /Users/marshall/.rvm/gems/ruby-2.0.0-p0/gems/faraday-0.8.7/lib/faraday/response.rb:8:in `call'
    from /Users/marshall/.rvm/gems/ruby-2.0.0-p0/gems/faraday-0.8.7/lib/faraday/response.rb:8:in `call'
    from /Users/marshall/.rvm/gems/ruby-2.0.0-p0/gems/faraday-0.8.7/lib/faraday/response/logger.rb:20:in `call'
    from /Users/marshall/.rvm/gems/ruby-2.0.0-p0/gems/faraday_middleware-0.9.0/lib/faraday_middleware/request/encode_json.rb:23:in `call'
    from /Users/marshall/.rvm/gems/ruby-2.0.0-p0/gems/faraday-0.8.7/lib/faraday/connection.rb:247:in `run_request'
    from /Users/marshall/.rvm/gems/ruby-2.0.0-p0/gems/faraday-0.8.7/lib/faraday/connection.rb:100:in `get'
    from /Users/marshall/.rvm/gems/ruby-2.0.0-p0/gems/balanced-0.7.2/lib/balanced/client.rb:81:in `method_missing'
    from /Users/marshall/.rvm/gems/ruby-2.0.0-p0/gems/balanced-0.7.2/lib/balanced.rb:67:in `get'
    from /Users/marshall/.rvm/gems/ruby-2.0.0-p0/gems/balanced-0.7.2/lib/balanced/pager.rb:169:in `load_from'
    from /Users/marshall/.rvm/gems/ruby-2.0.0-p0/gems/balanced-0.7.2/lib/balanced/pager.rb:119:in `load!'
    from /Users/marshall/.rvm/gems/ruby-2.0.0-p0/gems/balanced-0.7.2/lib/balanced/pager.rb:31:in `first'
    from /Users/marshall/.rvm/gems/ruby-2.0.0-p0/gems/balanced-0.7.2/lib/balanced/resources/resource.rb:187:in `find'
    from (irb):2
    from /Users/marshall/.rvm/rubies/ruby-2.0.0-p0/bin/irb:16:in `<main>'
2.0.0p0 :003 > 
```

mjallday commented 11 years ago

Seems correct to me:

http://en.wikipedia.org/wiki/List_of_HTTP_status_codes

401 Unauthorized Similar to 403 Forbidden, but specifically for use when authentication is required and has failed or has not yet been provided.[2] The response must include a WWW-Authenticate header field containing a challenge applicable to the requested resource. See Basic access authentication and Digest access authentication.

403 Forbidden The request was a valid request, but the server is refusing to respond to it.[2] Unlike a 401 Unauthorized response, authenticating will make no difference.[2] On servers where authentication is required, this commonly means that the provided credentials were successfully authenticated but that the credentials still do not grant the client permission to access the resource (e.g. a recognized user attempting to access restricted content).

mjallday commented 11 years ago

@rpearce if you can reproduce it consistently, please re-open with an example and I'll look deeper into this.

mahmoudimus commented 11 years ago

@rpearce 80337f7 passing test for expected outcome. Can you make a pull request to demonstrate your issue?

rpearce commented 11 years ago

Damnit. I did it 5 times earlier; now I can't reproduce. There were connectivity issues earlier in the building, but there wasn't a timeout--it just returned nil.

Could it be that instead of throwing a connection failed error or a timeout when trying to connect to Balanced it returns nil?

Well, it works like a charm now; if I can reproduce again, then I'll make a pull request. Sorry for the apparent waste of time.

rpearce commented 11 years ago

Okay: idiot alert.

I thought I was in irb, but was in rails console when this occurred. I am configuring Balanced in my environment files (production/staging/development), and when I searched for someone, I was testing the 403 error and thought I had not already configured Balanced, but I had already done so in the environment file, and the email I searched for was not in your system, so it returned =>nil

As I said, sorry to waste time.