From 804b4f32f84626a6820433ab78e10e08774a9cbe Mon Sep 17 00:00:00 2001
From: Arpit Jalan
Date: Fri, 20 Oct 2017 20:00:13 +0530
Subject: [PATCH] better error message when API authentication fails
---
 app/controllers/application_controller.rb | 2 +-
 config/locales/server.en.yml | 1 +
 lib/auth/default_current_user_provider.rb | 2 +-
 spec/components/auth/default_current_user_provider_spec.rb | 2 +-
 4 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index aad7b9a4e91..75256ea49d0 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -171,7 +171,7 @@ class ApplicationController < ActionController::Base
 begin
 current_user
 rescue Discourse::InvalidAccess
- return render plain: I18n.t(type), status: status_code
+ return render plain: I18n.t(opts[:custom_message] || type), status: status_code
 end
 render html: build_not_found_page(status_code, opts[:include_ember] ? 'application' : 'no_ember')
diff --git a/config/locales/server.en.yml b/config/locales/server.en.yml
index 726820abbe1..0b3f9fb35ff 100644
--- a/config/locales/server.en.yml
+++ b/config/locales/server.en.yml
@@ -164,6 +164,7 @@ en:
 not_logged_in: "You need to be logged in to do that."
 not_found: "The requested URL or resource could not be found."
 invalid_access: "You are not permitted to view the requested resource."
+ invalid_api_credentials: "You are not permitted to view the requested resource. The API username or key is invalid."
 read_only_mode_enabled: "The site is in read only mode. Interactions are disabled."
 reading_time: "Reading time"
diff --git a/lib/auth/default_current_user_provider.rb b/lib/auth/default_current_user_provider.rb
index eb1e014f02e..f454c67e8a4 100644
--- a/lib/auth/default_current_user_provider.rb
+++ b/lib/auth/default_current_user_provider.rb
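Review bot: In the `rescue Discourse::InvalidAccess` branch of the application_controller.rb hunk, `opts[:custom_message]` is handed straight to `I18n.t`, so it has to be a translation key rather than literal text, which the option name does not suggest. With a key that has no locale entry, I18n would by default put a "translation missing" string into the response body. A comment above the render such as `# opts[:custom_message] is an I18n key (e.g. "invalid_api_credentials"), not literal text` would document the contract. The body is still rendered with `plain:`, so the value is not interpreted as HTML. The enclosing method starts and ends outside the hunk, so how `opts` gets populated from the exception is not visible here.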
@@ -76,7 +76,7 @@ class Auth::DefaultCurrentUserProvider
 # possible we have an api call, impersonate
 if api_key
 current_user = lookup_api_user(api_key, request)
- raise Discourse::InvalidAccess unless current_user
+ raise Discourse::InvalidAccess.new(I18n.t('invalid_api_credentials'), nil, custom_message: "invalid_api_credentials") unless current_user
 raise Discourse::InvalidAccess if current_user.suspended? || !current_user.active
 @env[API_KEY_ENV] = true
 end
diff --git a/spec/components/auth/default_current_user_provider_spec.rb b/spec/components/auth/default_current_user_provider_spec.rb
index 4c93ed64812..d742a6deb73 100644
--- a/spec/components/auth/default_current_user_provider_spec.rb
+++ b/spec/components/auth/default_current_user_provider_spec.rb
@@ -19,7 +19,7 @@ describe Auth::DefaultCurrentUserProvider do
 it "raises errors for incorrect api_key" do
 expect {
 provider("/?api_key=INCORRECT").current_user
- }.to raise_error(Discourse::InvalidAccess)
+ }.to raise_error(Discourse::InvalidAccess, /API username or key is invalid/)
 end
 it "finds a user for a correct per-user api key" do
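Review bot: The new `raise` in the `if api_key` branch of default_current_user_provider.rb carries the same text twice, once translated as the exception message and once as the `custom_message:` key, with an unexplained `nil` between them. A comment such as `# message is for logs/specs; custom_message: is the I18n key rendered to the client` would make the intent readable. The wording does not say whether the username or the key was wrong, and the suspended/inactive check on the next line still raises a bare `Discourse::InvalidAccess`, so account state is not disclosed to the caller. If that is intentional, it deserves a comment so a later edit does not make the messages more specific. No logging or throttling of the failed lookup is visible in this hunk; it may live in `lookup_api_user`, which is outside the diff.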
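Review bot: The regex `/API username or key is invalid/` in the "raises errors for incorrect api_key" example hard-codes the English wording, so the spec fails whenever the locale string is reworded. Tying the expectation to the key avoids that: `}.to raise_error(Discourse::InvalidAccess, I18n.t('invalid_api_credentials'))`. As far as the visible hunks show, nothing asserts that the suspended/inactive path keeps the generic message, nor what body and status the controller returns for the new key.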