gtuk / diga-api-service

This project is a basic API around the excellent diga-api-client. It supports validation and billing.
Apache License 2.0

Return 403 for diga test code requests when DISABLE_TESTCODES=true #11

Closed bokchan closed 3 years ago

bokchan commented 3 years ago

Currently the response for a diga test code when DISABLE_TESTCODES=true is:

{
    "timestamp": "2021-08-23T07:15:50.545+00:00",
    "status": 400,
    "error": "Bad Request",
    "message": "Testcodes are not allowed",
    "path": "/validate/77AAAAAAAAAAAGIS"
}

It could make sense to return 403 Forbidden to denote this. It fits the semantics of the status code:

The HTTP 403 Forbidden client error status response code indicates that the server understood the request but refuses to authorize it.

And it is clear(er) that the error is different from the normal code validation error.

The proposed response would instead be:

{
    "timestamp": "2021-08-23T10:14:44.185+00:00",
    "status": 403,
    "error": "Forbidden",
    "message": "Testcodes are not allowed",
    "path": "/validate/77AAAAAAAAAAAGIS"
}

gtuk commented 3 years ago

That absolutely makes sense

gtuk commented 3 years ago

Version 1.0.2 released