-
Notifications
You must be signed in to change notification settings - Fork 210
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[actix-web-httpauth] Custom response body when Bearer token is missing? #156
Comments
You can compose this with the errhandlers middleware. If you need to pass data to it, consider request extensions (search docs for |
Hey! Thanks for your quick response. 😄 I have searched the docs for .wrap(ErrorHandlers::new().handler(actix_web::http::StatusCode::UNAUTHORIZED, |mut res| {
println!("Inside handler!");
res = res.map_body(|_,_| ResponseBody::Body(Body::from(serde_json::json!(build_error_response(
ApiErrorCode::MissingToken as u64,
ApiErrorMessage::MissingToken.value(),
None
)).to_string())));
Ok(ErrorHandlerResponse::Response(res))
})) It is set after I'm still getting the status code without body, in fact, the |
Does anyone know what I might be doing wrong? |
probably same bug as #127 |
I've taken a look at #127 but I am not using
This is the postman response: If you need more info I will gladly provide it. |
If not, another option would be to add a function ...
async move {
let (req, credentials) = match Extract::<T>::new(req).await {
Ok(req) => req,
Err((err, req)) => {
return if let Some(callback) = self.extraction_error_callback {
callback(req, err);
} else {
Ok(req.error_response(err));
}
}
};
... It's just a draft so I know it might have some errors. What do you think about it? If you want I can try to implement it. |
Hey. After some hours I managed to achieve what I was looking for. I just pushed the changes in my fork so if you want you and specially @robjtede can review them before I open a PR. Probably my approach is not the best or contains some rookie errors as I'm quite new to rust. Check them out here: https://github.com/PauMAVA/actix-extras/tree/extraction-error-handler I'm using the error callback as: fn on_missing_header(req: ServiceRequest, _err: actix_web::error::Error) -> Result<ServiceResponse, actix_web::error::Error> {
Ok(req.into_response(
HttpResponse::Unauthorized().json(serde_json::json!(build_error_response(
ApiErrorCode::MissingToken as u64,
ApiErrorMessage::MissingToken.value(),
None
)))
))
}
HttpServer::new(move || {
let auth_validator = HttpAuthentication::bearer(jwt_validate)
.on_extraction_error(Box::new(on_missing_header))
.exclude_path("/api/v?/auth/*")
.exclude_path("/hello");
...
}) Also, note I added a function |
@PauMAVA That sounds awesome. Thank you for your work, I hope it gets merged. I've recently got the usual ErrorHandlers middleware, with actix-cors and bearer, working too. After looking at your version it seems, at least to me, like the better solution to rely on your implementation though since it involves fewer calls and also doesn't require wrapping around another middleware. Edit: Thank you for adding |
Thoughts about this? @robjtede |
i as a user would appreciate if i could decide myself what happens if the auth header is missing. How about adding an additional method with |
@PauMAVA Your solution is pretty good. Please consider opening a PR! |
should be doable now with #205; released in actix-web-httpauth v0.6.0-beta.4 |
In case anyone ends up here like I did, searching for optional |
Is this still active? I'm looking for exactly this function in order to make a custom response when the token header is missing. |
@EvilWatermelon did you see this? #295 |
Yes, but using |
I believe you want
|
I did not saw that I can use |
Np! here's where
|
The |
Hello!
I was wondering if there is any support for body/JSON content when the
Authorization: Bearer <token>
header is missing. I have the followingHttpAutentication
when creating the server app:The
jwt_validate
function is:This works fine (access is granted when the token is correct and access is denied when it's not), but when I don't use the header
Authorization: Bearer <token>
I just get a401 Unauthorized
code with an empty body. Is there a way of adding a customJSON
body to the401 Unauthorized
error response usingactix-web-httpauth
?Thanks in advance!
The text was updated successfully, but these errors were encountered: