Closed pb82 closed 4 years ago
I have verified the functionality works as explained in the steps above but I did find one issue that I think needs to be addressed before this can be merged.
If you try to connect to the server with an invalid token, a 500 response is given. I believe this should be a 401 response.
To cause this issue I ran

```
curl -H "X-Forwarded-Access-Token: <INVALID TOKEN>" -X POST -d '{}' https://solution-explorer.apps.<CLUSTER URL>/user_walkthroughs
```
Logs in the pods showed

```
Error: Request failed with status code 401
    at createError (/opt/app-root/src/node_modules/axios/lib/core/createError.js:16:15)
    at settle (/opt/app-root/src/node_modules/axios/lib/core/settle.js:17:12)
    at IncomingMessage.handleStreamEnd (/opt/app-root/src/node_modules/axios/lib/adapters/http.js:237:11)
    at IncomingMessage.emit (events.js:203:15)
    at endReadableNT (_stream_readable.js:1145:12)
    at process._tickCallback (internal/process/next_tick.js:63:19)
```
and the return message in curl was

```
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Error</title>
</head>
<body>
<pre>Internal Server Error</pre>
</body>
</html>
```
@Boomatang updated the return codes now. It should now return 401 instead of 500.
@pb82 I have looked over the changes and it works how I would expect it to work. In my view this can be merged.
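
The logs in this thread show an axios rejection with status 401 while the client received a 500. As an added example (not the code from this pull request), the block below maps that kind of rejection to a client status inside an Express-style admin check; `statusForAuthFailure`, `requireAdmin`, `lookupUser` and `fakeRes` are hypothetical names, and the 403 and 502 branches are assumptions beyond what the thread states.

```javascript
// Added example with hypothetical names; not the code from this pull request.
// Translate a failed token check into the status the client should receive.
// axios sets err.response when the upstream answered with a non-2xx status
// and leaves it unset when no response arrived at all.
function statusForAuthFailure(err) {
  const upstream = err && err.response ? err.response.status : undefined;
  if (upstream === 401) return { status: 401, body: { error: 'invalid or expired token' } };
  if (upstream === 403) return { status: 403, body: { error: 'forbidden' } };
  // Assumption: an unreachable or failing identity service is a gateway fault.
  if (upstream === undefined || upstream >= 500) return { status: 502, body: { error: 'identity service unavailable' } };
  return { status: 500, body: { error: 'internal error' } };
}

// Express-style middleware for the routes that modify walkthrough content.
// lookupUser(token) is an assumed async function that resolves to
// { name, isAdmin } and rejects with an axios-style error.
function requireAdmin(lookupUser) {
  return async function (req, res, next) {
    const token = req.headers['x-forwarded-access-token'];
    if (!token) return res.status(401).json({ error: 'missing token' });
    try {
      const user = await lookupUser(token);
      if (!user || !user.isAdmin) return res.status(403).json({ error: 'admin role required' });
      req.user = user;
      return next();
    } catch (err) {
      // Answer with a fixed JSON body; the stack trace stays in the server log.
      const { status, body } = statusForAuthFailure(err);
      return res.status(status).json(body);
    }
  };
}

// Minimal response double so the middleware can be exercised without Express.
function fakeRes() {
  return {
    statusCode: 200,
    payload: null,
    status(code) { this.statusCode = code; return this; },
    json(body) { this.payload = body; return this; },
  };
}

// Constructed demo: the identity service rejects the token with 401.
const rejects401 = async () => {
  throw Object.assign(new Error('Request failed with status code 401'), { response: { status: 401 } });
};
const demoRes = fakeRes();
requireAdmin(rejects401)({ headers: { 'x-forwarded-access-token': 'constructed-invalid' } }, demoRes, () => {})
  .then(() => console.log(demoRes.statusCode, demoRes.payload));
```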
Only admins (cluster or dedicated) should be able to modify user walkthrough content. Retrieving the content is not restricted.
Verification steps:
Granting access to <user name>
user_walkthroughs
as a fetch or curl from the browser console