Work around error responses without message property #324

@ggalmazor ggalmazor commented Sep 24, 2024

Fixes #295

Currently, the body of Mailgun's 401 API responses doesn't include a message property. Instead, an Error (case-sensitive) property has the error message:

{"Error":"unauthorized"}

This causes the current implementation of this gem to raise a runtime error instead of a Mailgun::CommunicationError, as expected.

This PR:

  • Adds a workaround to prevent a runtime error from being raised
  • Uses the Error property (if present) to compute the error's message
  • Adds a unit test to verify this behavior

Example of an affected API request:

curl -i -X GET \
  'https://api.mailgun.net/v3/foobar.com/events' \
  -H 'Authorization: chuchublabla'
HTTP/2 401
access-control-allow-credentials: true
access-control-allow-origin: *
cache-control: no-store
content-type: application/json
date: Tue, 24 Sep 2024 18:41:47 GMT
strict-transport-security: max-age=63072000; includeSubDomains
www-authenticate: Basic realm="MG API"
x-xss-protection: 1; mode=block
content-length: 24

{"Error":"unauthorized"}

I've also noticed that using get instead of GET (even though it would be incorrect) as the HTTP method will get a different API response:

curl -i -X get \
  'https://api.mailgun.net/v3/foobar.com/events' \
  -H 'Authorization: chuchublabla'
HTTP/2 404
access-control-allow-credentials: true
access-control-allow-origin: *
cache-control: no-store
content-type: application/json
date: Tue, 24 Sep 2024 19:14:52 GMT
strict-transport-security: max-age=63072000; includeSubDomains
x-xss-protection: 1; mode=block
content-length: 21

{"error":"not found"}

Other insights about API HTTP 401 responses

After testing every endpoint in the OpenAPI spec file with an invalid token, all endpoints consistently respond with {"Error":"unauthorized"} except for these:

| HTTP Method | Endpoint | Response body |
|---|---|---|
| GET | /v3/domains/{domain_name}/messages/{storage_key} | Forbidden |
| DELETE | /v3/{domain_name}/envelopes | (empty body) |
| POST | /v3/{domain_name}/messages | Forbidden |
| POST | /v3/{domain_name}/messages.mime | Forbidden |
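
The body shapes listed in this comment (JSON with `Error`, JSON with `error`, plain-text `Forbidden`, and an empty body) can all be handled by one tolerant extractor. The following is an added example, not code from this pull request or from the gem; the module name `ErrorBodyExample`, the method `message_from`, and the 200-character cap are assumptions made for illustration.

```ruby
require 'json'

# Hypothetical helper (not the gem's API): build a readable error message
# from an API error response, whatever shape the body takes.
module ErrorBodyExample
  # Property names tried in order: the "message" property the PR text says is
  # missing from 401 bodies, then the two spellings shown in the responses above.
  KEYS = %w[message Error error].freeze
  MAX_RAW = 200 # assumed cap so an unexpected large body cannot flood logs

  def self.message_from(status, body)
    text = body.to_s.strip
    return "#{status}: (empty body)" if text.empty?

    parsed = begin
      JSON.parse(text)
    rescue JSON::ParserError
      nil # plain-text bodies such as "Forbidden" are not JSON
    end

    if parsed.is_a?(Hash)
      key = KEYS.find { |k| parsed[k].is_a?(String) && !parsed[k].empty? }
      return "#{status}: #{parsed[key]}" if key
    end

    # Not JSON, or JSON without a known property: fall back to the raw text.
    "#{status}: #{text[0, MAX_RAW]}"
  end

  # Constructed sample inputs mirroring the bodies quoted in this comment.
  SAMPLES = [
    [401, '{"Error":"unauthorized"}'],
    [404, '{"error":"not found"}'],
    [401, 'Forbidden'],
    [401, ''],
    [401, nil]
  ].freeze

  def self.run_samples
    SAMPLES.map { |status, body| message_from(status, body) }
  end
end

puts ErrorBodyExample.run_samples if $PROGRAM_NAME == __FILE__
```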
