Skip to content
This repository was archived by the owner on Sep 24, 2018. It is now read-only.

Provide more helpful error message/code on Post Create/Update fail#2053

Merged
danielbachhuber merged 1 commit intodevelopfrom
helpful-error-create-update-post
Jan 20, 2016
Merged

Provide more helpful error message/code on Post Create/Update fail#2053
danielbachhuber merged 1 commit intodevelopfrom
helpful-error-create-update-post

Conversation

@danielbachhuber
Copy link
Member

@danielbachhuber danielbachhuber commented Jan 19, 2016

Instead of returning a generic rest_forbidden error, let's return an
error message indicating which operation failed, and 401 instead of 403
when the request is unauthenticated.

From https://core.trac.wordpress.org/ticket/35527

@danielbachhuber
Provide more helpful error message/code on Post Create/Update fail
6ed1b71 
Instead of returning a generic `rest_forbidden` error, let's return an
error message indicating which operation failed, and 401 instead of 403
when the request is unauthenticated.
@danielbachhuber danielbachhuber added this to the 2.0 Beta 11 milestone Jan 19, 2016
@danielbachhuber
Copy link
Member Author

danielbachhuber commented Jan 19, 2016

@WP-API/amigos #reviewmerge

@kadamwhite
Copy link
Contributor

kadamwhite commented Jan 19, 2016

👍 Not a PHP expert personally but this looks good, and is definitely an improvement over the current state of affairs.

@kadamwhite
Copy link
Contributor

kadamwhite commented Jan 19, 2016

Technically the difference b/w 401 and 403 looks to be a matter of "is not authenticated" (401) vs "is authenticated but does not have credentials" (403). If we're returning a 403 for PUT errors based on capacity, is there previously a place where we checked whether the user is authenticated and returned a 401 if not?

@danielbachhuber
Copy link
Member Author

danielbachhuber commented Jan 19, 2016

If we're returning a 403 for PUT errors based on capacity, is there previously a place where we checked whether the user is authenticated and returned a 401 if not?

I'm not sure I follow. Can you clarify?

joehoyle
joehoyle reviewed Jan 20, 2016
View reviewed changes
lib/endpoints/class-wp-rest-posts-controller.php
Copy link
Member

@joehoyle joehoyle Jan 20, 2016

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we be using the post type labels here? Trying to create a page will show "posts" right now

Copy link
Member Author

@danielbachhuber danielbachhuber Jan 20, 2016

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, although all of our strings need to be updated to this effect, so I'd rather file it as a secondary issue.

Copy link
Member Author

@danielbachhuber danielbachhuber Jan 20, 2016

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

#2056

@danielbachhuber danielbachhuber mentioned this pull request Jan 20, 2016
Open
danielbachhuber added a commit that referenced this pull request Jan 20, 2016
@danielbachhuber
Merge pull request #2053 from WP-API/helpful-error-create-update-post
baef92a 
Provide more helpful error message/code on Post Create/Update fail
@danielbachhuber danielbachhuber merged commit baef92a into develop Jan 20, 2016
@danielbachhuber danielbachhuber deleted the helpful-error-create-update-post branch January 20, 2016 04:28
@kadamwhite
Copy link
Contributor

kadamwhite commented Jan 20, 2016

I'm not sure I follow. Can you clarify?

Sorry for the delayed response. What I mean was, if I interpret Wikipedia correctly ( && if Wikipedia represents proper usage), then both POST and PUT should generate a 401 if the user is unauthenticated:

401 Unauthorized: Similar to 403 Forbidden, but specifically for use when authentication is required and has failed or has not yet been provided. 401 semantically means "unauthenticated", i.e. "you don't have necessary credentials".

and then, once logged in, both POST and PUT should generate a 403 if the user does not have the requisite permissions:

403 Forbidden: The request was a valid request, but the server is refusing to respond to it. Unlike a 401 Unauthorized response, authenticating will make no difference.[38] 403 error semantically means "unauthorized", i.e. "you don't have necessary permissions for the resource".

It looks (based purely on this PR) like we blanket-group POST errors as 401 and PUT as 403, which looks incorrect. I have not read through the rest of the code to determine whether this is the case, however.

@kadamwhite
Copy link
Contributor

kadamwhite commented Jan 20, 2016

...I was misreading the code completely. Please disregard the noise.

@dave-green-uk dave-green-uk mentioned this pull request Jun 26, 2016
Closed
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

No one assigned

Labels

Review

Projects

None yet

Milestone

2.0 Beta 11

Development

Successfully merging this pull request may close these issues.

3 participants

@danielbachhuber @kadamwhite @joehoyle