WebAPI: return correct status

Fix web API returning Not Found instead of Forbidden.

When not having a session the API would return "Not Found" instead of "Forbidden" when trying to access a non-public endpoint.

PR #16866.
This commit is contained in:
Requi 2022-04-14 07:26:19 +02:00 committed by GitHub
parent a2b85ba1fd
commit 669b67e666
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -252,6 +252,9 @@ void WebApplication::doProcessRequest()
const QString action = match.captured(u"action"_qs);
const QString scope = match.captured(u"scope"_qs);
if (!session() && !isPublicAPI(scope, action))
throw ForbiddenHTTPError();
APIController *controller = nullptr;
if (session())
controller = session()->getAPIController(scope);
@ -263,9 +266,6 @@ void WebApplication::doProcessRequest()
throw NotFoundHTTPError();
}
if (!session() && !isPublicAPI(scope, action))
throw ForbiddenHTTPError();
DataMap data;
for (const Http::UploadedFile &torrent : request().files)
data[torrent.filename] = torrent.data;