I can see the error 400 for "message": "You are not authorized to run this query. Re

I use this code: <div class="snippet-clipboard-content notranslate position-relati

I use this code: <div class="snippet-clipboard-content notranslate po

How do I make unauthorized return 401? about authorization HOT 5 CLOSED

graphql-dotnet commented on July 18, 2024

How do I make unauthorized return 401?

from authorization.

Comments (5)

ntaranov commented on July 18, 2024 2

I use this code:

    private async Task WriteResponseAsync(HttpContext context, ExecutionResult result)
    {
        var json = _writer.Write(result);

        context.Response.ContentType = "application/json";
        context.Response.StatusCode = result.Errors?.Any() != true
            ? (int)HttpStatusCode.OK
            : result.Errors?.Any(er => (er as ValidationError)?.ErrorCode  == "authorization") == true
                ? (int)HttpStatusCode.Unauthorized
                : (int)HttpStatusCode.BadRequest;

        await context.Response.WriteAsync(json);
    }

I actually would be happy to see this integrated in the project.

from authorization.

alonstar commented on July 18, 2024 1

oh, I got it , thanks.

from authorization.

joemcbride commented on July 18, 2024

You would need to handle that in your http server. If you are using the server project then this is the code that would need to be changed:

https://github.com/graphql-dotnet/server/blob/a54a95f3807ade7aa4e23cce76fe8e58211053a0/src/AspNetCore/GraphQLHttpMiddleware.cs#L77

At present it just does a 400 error on any error.

from authorization.

okarlsson commented on July 18, 2024

If anyone else bumps into this:

I just build a simple if statement that checks for authorization errors in the ExecutionResult like this:

if (result.Errors?.Count > 0)
{
        if (result.Errors.Select(e => e.Code).Contains("authorization"))
	{
		var retval = new ErrorResponse()
		{
			MessageForUser = "Unauthorized",
			MessageForDev = GetErrorMessage(result.Errors)
		};
                return new JsonResult(retval)
		{
			StatusCode = 401
		};
	}
	else
	{
		var retval = new ErrorResponse()
		{
			MessageForUser = GetErrorMessage(result.Errors),
			MessageForDev = GetErrorMessage(result.Errors)
		};

		return BadRequest(retval);
	}
}

return Ok(result);
}

private string GetErrorMessage(ExecutionErrors errors)
{
	return string.Join(", ", errors.Select(e => e.Message));
}

from authorization.

giososa24 commented on July 18, 2024

I use this code:

    private async Task WriteResponseAsync(HttpContext context, ExecutionResult result)
    {
        var json = _writer.Write(result);

        context.Response.ContentType = "application/json";
        context.Response.StatusCode = result.Errors?.Any() != true
            ? (int)HttpStatusCode.OK
            : result.Errors?.Any(er => (er as ValidationError)?.ErrorCode  == "authorization") == true
                ? (int)HttpStatusCode.Unauthorized
                : (int)HttpStatusCode.BadRequest;

        await context.Response.WriteAsync(json);
    }

I actually would be happy to see this integrated in the project.

Hi, I have a question, where do you put this code?

from authorization.

Recommend Projects