How return HTTP Status 403

Question

Question

Token Ibragimov · Oct 31, 2023

#Authentication #Caché

Hello,

I'm making rest API service with Authentication.

How I can return HTTP Status 403 if user enter invalid login or password?

Now returning Http status 200.

Class RestAPI Extends %CSP.REST
{

XData UrlMap [ XMLNamespace = "http://www.intersystems.com/urlmap" ]
{
<Routes>

<Map Prefix="/restforms" Forward="Form.REST.Main"/>
<Route Url="/auth/:login/:pass" Method="GET" Call="CheckUser" Cors="true"/>
</Routes>
}

ClassMethod CheckUser(userAw, pwdAw) As %String
{

set %response.ContentType = "application/json"

// my code to check auth

Set object = {}
Set object.status = -1
Set object.message = "HTTP/1.1 401 Authorization Required"
w object.%ToJSON()

}

Product version: Caché 2017.1

Discussion (3)0

Log in or sign up to continue

Dmitry Maslennikov · Oct 31, 2023

FYI, incorrect login/password should be status 401
403 when access to something above the granted roles

use Status property in %CSP.Response

set %response.Status = 401
// or
set %response.Status = 403

2 0

score 0 · Answer 1 · 2023-10-31T01:36:28-04:00

Token Ibragimov · Oct 31, 2023

Thank you.

0 0

score 0 · Answer 2 · 2023-10-31T02:17:56-04:00

You can use %SetStatusCode from the %REST.Impl class definition. This class have additional methods available to set the response related stuffs like below

do ##class(%REST.Impl).%SetStatusCode(..#HTTP401UNAUTHORIZED)