web/error: add AxumNope::Unauthorized to subsume all auth failures

Author: pflanze

src/web/builds.rs

@@ -169,10 +169,13 @@ pub(crate) async fn build_trigger_rebuild_handler(
             ))))?;
 
     // (Future: would it be better to have standard middleware handle auth?)
-    let TypedHeader(auth_header) =
-        opt_auth_header.ok_or(JsonAxumNope(AxumNope::MissingAuthenticationToken))?;
+    let TypedHeader(auth_header) = opt_auth_header.ok_or(JsonAxumNope(AxumNope::Unauthorized(
+        "Missing authentication token",
+    )))?;
     if auth_header.token() != expected_token {
-        return Err(JsonAxumNope(AxumNope::InvalidAuthenticationToken));
+        return Err(JsonAxumNope(AxumNope::Unauthorized(
+            "The token used for authentication is not valid",
+        )));
     }
 
     build_trigger_check(conn, &name, &version, &build_queue)
@@ -377,7 +380,6 @@ mod tests {
                 let response = env.frontend().post("/crate/regex/1.3.1/rebuild").send()?;
                 assert_eq!(response.status(), StatusCode::INTERNAL_SERVER_ERROR);
                 let text = response.text()?;
-                assert!(text.contains("access token `trigger_rebuild_token` is not configured"));
                 let json: serde_json::Value = serde_json::from_str(&text)?;
                 assert_eq!(
                     json,
@@ -408,8 +410,8 @@ mod tests {
                 assert_eq!(
                     json,
                     serde_json::json!({
-                        "title": "Missing authentication token",
-                        "message": "The token used for authentication is missing"
+                        "title": "Unauthorized",
+                        "message": "Missing authentication token"
                     })
                 );
             }
@@ -426,7 +428,7 @@ mod tests {
                 assert_eq!(
                     json,
                     serde_json::json!({
-                        "title": "Invalid authentication token",
+                        "title": "Unauthorized",
                         "message": "The token used for authentication is not valid"
                     })
                 );

src/web/error.rs

@@ -28,10 +28,8 @@ pub enum AxumNope {
     VersionNotFound,
     #[error("Search yielded no results")]
     NoResults,
-    #[error("Missing authentication token")]
-    MissingAuthenticationToken,
-    #[error("Invalid authentication token")]
-    InvalidAuthenticationToken,
+    #[error("Unauthorized: {0}")]
+    Unauthorized(&'static str),
     #[error("internal error")]
     InternalError(anyhow::Error),
     #[error("bad request")]
@@ -97,14 +95,9 @@ impl AxumNope {
                 message: Cow::Owned(source.to_string()),
                 status: StatusCode::BAD_REQUEST,
             }),
-            AxumNope::MissingAuthenticationToken => ErrorResponse::ErrorInfo(ErrorInfo {
-                title: "Missing authentication token",
-                message: "The token used for authentication is missing".into(),
-                status: StatusCode::UNAUTHORIZED,
-            }),
-            AxumNope::InvalidAuthenticationToken => ErrorResponse::ErrorInfo(ErrorInfo {
-                title: "Invalid authentication token",
-                message: "The token used for authentication is not valid".into(),
+            AxumNope::Unauthorized(what) => ErrorResponse::ErrorInfo(ErrorInfo {
+                title: "Unauthorized",
+                message: what.into(),
                 status: StatusCode::UNAUTHORIZED,
             }),
             AxumNope::InternalError(source) => {