Refactor error handling in BewitAuthorizationMiddleware to provide a more descriptive authorization failure message.

glucaci · glucaci · commit 8e00824ed964 · 2025-04-23T15:11:56.000+02:00
diff --git a/src/Extensions.HotChocolate/Validation/BewitAuthorizationMiddleware.cs b/src/Extensions.HotChocolate/Validation/BewitAuthorizationMiddleware.cs
@@ -55,15 +55,15 @@ public async Task InvokeAsync(IMiddlewareContext context)
         private void CreateError(IMiddlewareContext context, Exception ex = default)
         {
             IErrorBuilder errorBuilder = ErrorBuilder.New()
-                .SetMessage("NotAuthorized")
-                .SetPath(context.Path)
-                .AddLocation(context.Selection.SyntaxNode);
+                .SetMessage("The current user is not authorized to access this resource.")
+                .SetCode(ErrorCodes.Authentication.NotAuthorized);
 
             if (ex != default)
             {
                 errorBuilder.SetException(ex);
             }
 
+            context.ContextData[WellKnownContextData.HttpStatusCode] = 401;
             context.Result = errorBuilder.Build();
         }
     }

Original file line number	Diff line number	Diff line change
`@@ -55,15 +55,15 @@ public async Task InvokeAsync(IMiddlewareContext context)`
`55`	`55`	`private void CreateError(IMiddlewareContext context, Exception ex = default)`
`56`	`56`	`{`
`57`	`57`	`IErrorBuilder errorBuilder = ErrorBuilder.New()`
`58`		`- .SetMessage("NotAuthorized")`
`59`		`- .SetPath(context.Path)`
`60`		`- .AddLocation(context.Selection.SyntaxNode);`
	`58`	`+ .SetMessage("The current user is not authorized to access this resource.")`
	`59`	`+ .SetCode(ErrorCodes.Authentication.NotAuthorized);`
`61`	`60`
`62`	`61`	`if (ex != default)`
`63`	`62`	`{`
`64`	`63`	`errorBuilder.SetException(ex);`
`65`	`64`	`}`
`66`	`65`
	`66`	`+ context.ContextData[WellKnownContextData.HttpStatusCode] = 401;`
`67`	`67`	`context.Result = errorBuilder.Build();`
`68`	`68`	`}`
`69`	`69`	`}`