mailgun-ruby icon indicating copy to clipboard operation
mailgun-ruby copied to clipboard

Published 20 hours ago verified publisher icon mailgun

Work around error responses without `message` property

Open ggalmazor opened this issue 5 months ago • 0 comments

Fixes #295

Currently, the body of 401 Mailgun's API responses doesn't include a message property. Instead, an Error (case-sensitive) property has the error message:

{"Error":"unauthorized"}

This causes the current implementation of this gem to raise a runtime error instead of a Mailgun::CommunicationError, as expected.

This PR:

  • Adds a workaround to avoid a runtime error from being raised
  • Uses the Error property (if present) to compute the error's message
  • Adds a unit test to verify this behavior

Example of an affected API request:

curl -i -X GET \
  'https://api.mailgun.net/v3/foobar.com/events' \
  -H 'Authorization: chuchublabla'
HTTP/2 401
access-control-allow-credentials: true
access-control-allow-origin: *
cache-control: no-store
content-type: application/json
date: Tue, 24 Sep 2024 18:41:47 GMT
strict-transport-security: max-age=63072000; includeSubDomains
www-authenticate: Basic realm="MG API"
x-xss-protection: 1; mode=block
content-length: 24

{"Error":"unauthorized"}

I've also noticed that using get instead of GET (even though it would be incorrect) as the HTTP method will get a different API response:

curl -i -X get \
  'https://api.mailgun.net/v3/foobar.com/events' \
  -H 'Authorization: chuchublabla'
HTTP/2 404
access-control-allow-credentials: true
access-control-allow-origin: *
cache-control: no-store
content-type: application/json
date: Tue, 24 Sep 2024 19:14:52 GMT
strict-transport-security: max-age=63072000; includeSubDomains
x-xss-protection: 1; mode=block
content-length: 21

{"error":"not found"}

Other insights about API HTTP 401 responses

After testing every endpoint in the OpenAPI spec file with an invalid token, all endpoints consistently respond with {"Error":"unauthorized"} except for these:

HTTP Method Endpoint Response body
GET /v3/domains/{domain_name}/messages/{storage_key} Forbidden
DELETE /v3/{domain_name}/envelopes (empty body)
POST /v3/{domain_name}/messages Forbidden
POST /v3/{domain_name}/messages.mime Forbidden

ggalmazor avatar Sep 24 '24 16:09 ggalmazor