Details
- Bug
- Resolution: Unresolved
- Medium
- None
- 2.5.11
- Ubuntu 18.04
Description
A call to <your url>/api/ezp/v2/user/users?email=<an existing email>
leads to a response with status code 404 (not found) instead of 401 authenticated.
The problem is that the user email we send is found in the database
@see: eZ\Publish\Core\REST\Server\Controller\User on Line 488
but an "ApiExceptions\UnauthorizedException" is thrown when the client is unauthenticated.
But this exception is eaten in a catch and an empty array of users is set, which leads to the wrong exception type
@see: eZ\Publish\Core\REST\Server\Controller\User on Line 493
Current Response
Sample Response of existing user:

    {
      "ErrorMessage": {
        "_media-type": "application/vnd.ez.api.ErrorMessage+json",
        "errorCode": 404,
        "errorMessage": "Not Found",
        "errorDescription": "No users were found with the given filter"
      }
    }
Expected Response
    {
      "ErrorMessage": {
        "_media-type": "application/vnd.ez.api.ErrorMessage+json",
        "errorCode": 401,
        "errorMessage": "Not Authorized",
        "errorDescription": "You are not allowed to....."
      }
    }
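
The pattern described in this report, as an added stand-alone example that is not part of the original ticket and not eZ Platform code: a catch that swallows the authorization exception makes the request end as 404, while rejecting the unauthenticated caller before the lookup yields 401 whether or not the address exists. All class, function and constant names and the sample address are assumptions made for the illustration.

```php
<?php
// Added illustration: every name here is hypothetical, not eZ Platform code.
class UnauthorizedException extends Exception {}
class NotFoundException extends Exception {}
const USERS = ['admin@example.com' => 'admin']; // constructed sample data

// Repository stand-in: the record is found, then the permission check fails.
function loadUsersByEmail(string $email, bool $authenticated): array {
    $found = array_key_exists($email, USERS) ? [USERS[$email]] : [];
    if ($found && !$authenticated) {
        throw new UnauthorizedException('not allowed to read user');
    }
    return $found;
}

// Reported behaviour: the catch turns "not allowed" into "no results".
function loadUsersSwallowing(string $email, bool $authenticated): array {
    try {
        return loadUsersByEmail($email, $authenticated);
    } catch (UnauthorizedException $e) {
        return [];
    }
}

// Corrected flow: reject unauthenticated callers before the lookup runs.
function loadUsersChecked(string $email, bool $authenticated): array {
    if (!$authenticated) {
        throw new UnauthorizedException('authentication required');
    }
    return loadUsersByEmail($email, $authenticated);
}

// Controller tail plus error handler: empty result -> 404, exception -> 401.
function statusFor(callable $load, string $email, bool $authenticated): int {
    try {
        if (!$load($email, $authenticated)) {
            throw new NotFoundException('No users were found with the given filter');
        }
        return 200;
    } catch (UnauthorizedException $e) {
        return 401;
    } catch (NotFoundException $e) {
        return 404;
    }
}

foreach (['loadUsersSwallowing', 'loadUsersChecked'] as $load) {
    printf("%s: known=%d unknown=%d\n", $load,
        statusFor($load, 'admin@example.com', false),
        statusFor($load, 'nobody@example.com', false));
}
```

Checking authentication before the lookup keeps the status code from depending on whether the submitted email exists.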