Skip to content

Unexpected http request status code for unauthorized user #265

Description

@maximeboucher5

I'm running test on a custom service API with OpenTera. I'm trying to access participant information via an unauthorized user. I'm getting a status code 200, when I think I should receive something like 403, even though the demanded user's data aren't in the response.

params = {'id_participant': request_id}
response_opentera = self.service.get_from_opentera_with_token(token = current_user_client.user_token, api_url='/api/user/participants', params=params)

In this code, the user_token is from a user that has no access to the participant's group associated with this id.

Output from the code snippet:
response_opentera.text: "null\n"
response_opentera.status_code: 200

OpenTera is running in a docker. The request are made from outside the docker, still locally.

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't workingenhancementNew feature or request

    Type

    Fields

    No fields configured for Task.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions