Question Token Ibragimov · Oct 31, 2023

How to return HTTP Status 403

Hello,

I'm making a REST API service with authentication.

How can I return HTTP status 403 if the user enters an invalid login or password?

Right now it returns HTTP status 200.

Class RestAPI Extends %CSP.REST
{

XData UrlMap [ XMLNamespace = "http://www.intersystems.com/urlmap" ]
{
<Routes>

<Map Prefix="/restforms" Forward="Form.REST.Main"/>
<Route Url="/auth/:login/:pass" Method="GET" Call="CheckUser" Cors="true"/>
</Routes>
}

ClassMethod CheckUser(userAw, pwdAw) As %Status
{

    set %response.ContentType = "application/json"

    // my code to check auth

    // Build the JSON reply; %response.Status is never set, so the HTTP status stays 200
    Set object = {}
    Set object.status = -1
    Set object.message = "HTTP/1.1 401 Authorization Required"
    // %ToJSON() needs a command in front of it; "do" writes the JSON to the response
    do object.%ToJSON()
    // Methods called from the UrlMap return a %Status
    quit $$$OK

}

}

Product version: Caché 2017.1

Comments

Dmitry Maslennikov · Oct 31, 2023

FYI, an incorrect login/password should be status 401.
403 is for access to something above the granted roles.

Use the Status property in %CSP.Response:

set %response.Status = 401
// or
set %response.Status = 403
0
Ashok Kumar T · Oct 31, 2023

You can use %SetStatusCode from the %REST.Impl class definition. This class has additional methods available to set response-related things, like below:

do ##class(%REST.Impl).%SetStatusCode(..#HTTP401UNAUTHORIZED)
0
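Putting the two answers together, as an added example that is not code from any poster in this thread: a handler for the question's route that sets `%response.Status` to 401 for bad credentials and 403 for a missing role, using the status parameters that `%CSP.REST` defines. The class name `Demo.AuthREST`, the helpers `ValidateLogin` and `HasRole`, the role name and the sample users are all constructed for illustration.

```objectscript
/// Added example, not from the thread. Users, passwords and the role are constructed.
Class Demo.AuthREST Extends %CSP.REST
{

XData UrlMap [ XMLNamespace = "http://www.intersystems.com/urlmap" ]
{
<Routes>
<Route Url="/auth/:login/:pass" Method="GET" Call="CheckUser" Cors="true"/>
</Routes>
}

ClassMethod CheckUser(login As %String, pass As %String) As %Status
{
    set %response.ContentType = "application/json"
    set body = {}
    set body.status = -1
    if '..ValidateLogin(login, pass) {
        // Bad credentials: 401, with one message for "unknown user" and
        // "wrong password" so the reply does not reveal which logins exist.
        set %response.Status = ..#HTTP401UNAUTHORIZED
        set body.message = "Invalid login or password"
    } elseif '..HasRole(login, "RestFormsUser") {
        // Valid credentials, but the required role is missing: 403.
        set %response.Status = ..#HTTP403FORBIDDEN
        set body.message = "Access denied"
    } else {
        // %response.Status is left at its default, 200 OK.
        set body.status = 0
        set body.message = "OK"
    }
    write body.%ToJSON()
    quit $$$OK
}

/// Hypothetical helper with constructed sample users; a real check would
/// verify against stored credential hashes instead of literals.
ClassMethod ValidateLogin(login As %String, pass As %String) As %Boolean
{
    quit $case(login, "alice": (pass = "constructed-pw-1"), "bob": (pass = "constructed-pw-2"), : 0)
}

/// Hypothetical helper: only the constructed user "alice" holds the role.
ClassMethod HasRole(login As %String, role As %String) As %Boolean
{
    quit (login = "alice") && (role = "RestFormsUser")
}

}
```

The route is kept as in the question, but a password carried in the URL path is written to web server access logs; sending credentials in a request body or an Authorization header avoids that.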