Work around error responses without message property #324

Merged: 4 commits, Oct 7, 2024

ggalmazor commented Sep 24, 2024

Fixes #295

Currently, the body of Mailgun's API 401 responses doesn't include a message property. Instead, an Error (case-sensitive) property has the error message:

{"Error":"unauthorized"}

This causes the current implementation of this gem to raise a runtime error instead of a Mailgun::CommunicationError, as expected.

This PR:

  • Adds a workaround to prevent a runtime error from being raised
  • Uses the Error property (if present) to compute the error's message
  • Adds a unit test to verify this behavior

Example of an affected API request:

curl -i -X GET \
  'https://api.mailgun.net/v3/foobar.com/events' \
  -H 'Authorization: chuchublabla'
HTTP/2 401
access-control-allow-credentials: true
access-control-allow-origin: *
cache-control: no-store
content-type: application/json
date: Tue, 24 Sep 2024 18:41:47 GMT
strict-transport-security: max-age=63072000; includeSubDomains
www-authenticate: Basic realm="MG API"
x-xss-protection: 1; mode=block
content-length: 24

{"Error":"unauthorized"}

I've also noticed that using get instead of GET (even though it would be incorrect) as the HTTP method will get a different API response:

curl -i -X get \
  'https://api.mailgun.net/v3/foobar.com/events' \
  -H 'Authorization: chuchublabla'
HTTP/2 404
access-control-allow-credentials: true
access-control-allow-origin: *
cache-control: no-store
content-type: application/json
date: Tue, 24 Sep 2024 19:14:52 GMT
strict-transport-security: max-age=63072000; includeSubDomains
x-xss-protection: 1; mode=block
content-length: 21

{"error":"not found"}

Other insights about API HTTP 401 responses

After testing every endpoint in the OpenAPI spec file with an invalid token, all endpoints consistently respond with {"Error":"unauthorized"} except for these:

| HTTP Method | Endpoint | Response body |
|---|---|---|
| GET | /v3/domains/{domain_name}/messages/{storage_key} | Forbidden |
| DELETE | /v3/{domain_name}/envelopes | (empty body) |
| POST | /v3/{domain_name}/messages | Forbidden |
| POST | /v3/{domain_name}/messages.mime | Forbidden |

mgrishko merged commit 248db41 into mailgun:master on Oct 7, 2024
ggalmazor deleted the bug/295 branch on October 7, 2024 11:43
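
An added example (not part of this pull request or the gem's own code) of tolerant error-message extraction that covers every error body shape reported above: `{"Error":...}`, `{"error":...}`, plain-text `Forbidden`, and an empty body. The names `ApiCommunicationError`, `extract_error_message` and `build_error` are hypothetical.

```ruby
require 'json'

# Hypothetical stand-in for the gem's error class, so this block runs alone.
class ApiCommunicationError < StandardError
  attr_reader :status

  def initialize(message, status)
    super(message)
    @status = status
  end
end

# Keys seen in the bodies quoted above ("Error", "error") plus "message",
# compared case-insensitively and tried in this order.
MESSAGE_KEYS = %w[message error].freeze

# Returns a readable message for any error body: a JSON object,
# plain text such as "Forbidden", or an empty/nil body.
def extract_error_message(body)
  text = body.to_s.strip
  return '(empty body)' if text.empty?

  parsed = begin
    JSON.parse(text)
  rescue JSON::ParserError
    nil # not JSON at all, e.g. the plain-text "Forbidden" responses
  end
  return text unless parsed.is_a?(Hash)

  MESSAGE_KEYS.each do |wanted|
    key = parsed.keys.find { |k| k.to_s.downcase == wanted }
    value = key && parsed[key]
    return value.to_s unless value.nil? || value.to_s.empty?
  end
  text # JSON object without a known key: fall back to the raw body
end

# Always maps a failed response to the typed error, so callers can rescue
# one class instead of hitting a NoMethodError on an unexpected body.
def build_error(status, body)
  ApiCommunicationError.new("#{status}: #{extract_error_message(body)}", status)
end
```

Callers that branch on authentication failures should check `status` rather than the message text, since the message wording differs between endpoints.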
Successfully merging this pull request may close these issues.

Follow up error while processing response of an unauthorized request