AuthHeader: Improve Authorization header error messages

Turbo87 · Turbo87 · commit a74cf67f83e9 · 2025-06-13T19:25:04.000+02:00
diff --git a/src/auth.rs b/src/auth.rs
@@ -25,13 +25,15 @@ impl AuthHeader {
         };
 
         let auth_header = auth_header.to_str().map_err(|_| {
-            let message = "Invalid authorization header";
+            let message = "Invalid `Authorization` header: Found unexpected non-ASCII characters";
             custom(StatusCode::UNAUTHORIZED, message)
         })?;
 
         let (scheme, token) = auth_header.split_once(' ').unwrap_or(("", auth_header));
         if !(scheme.eq_ignore_ascii_case("Bearer") || scheme.is_empty()) {
-            let message = "Invalid authorization header";
+            let message = format!(
+                "Invalid `Authorization` header: Found unexpected authentication scheme `{scheme}`"
+            );
             return Err(custom(StatusCode::UNAUTHORIZED, message));
         }
 
@@ -42,7 +44,7 @@ impl AuthHeader {
     pub async fn from_request_parts(parts: &Parts) -> Result<Self, BoxedAppError> {
         let auth = Self::optional_from_request_parts(parts).await?;
         auth.ok_or_else(|| {
-            let message = "Missing authorization header";
+            let message = "Missing `Authorization` header";
             custom(StatusCode::UNAUTHORIZED, message)
         })
     }
diff --git a/src/controllers/trustpub/tokens/revoke/mod.rs b/src/controllers/trustpub/tokens/revoke/mod.rs
@@ -25,7 +25,7 @@ mod tests;
 pub async fn revoke_trustpub_token(app: AppState, auth: AuthHeader) -> AppResult<StatusCode> {
     let token = auth.token().expose_secret();
     let Ok(token) = AccessToken::from_byte_str(token.as_bytes()) else {
-        let message = "Invalid authorization header";
+        let message = "Invalid `Authorization` header: Failed to parse token";
         return Err(custom(StatusCode::UNAUTHORIZED, message));
     };
 
diff --git a/src/controllers/trustpub/tokens/revoke/tests.rs b/src/controllers/trustpub/tokens/revoke/tests.rs
@@ -88,7 +88,7 @@ async fn test_missing_authorization_header() -> anyhow::Result<()> {
 
     let response = client.delete::<()>(URL).await;
     assert_snapshot!(response.status(), @"401 Unauthorized");
-    assert_snapshot!(response.text(), @r#"{"errors":[{"detail":"Missing authorization header"}]}"#);
+    assert_snapshot!(response.text(), @r#"{"errors":[{"detail":"Missing `Authorization` header"}]}"#);
 
     Ok(())
 }
@@ -103,7 +103,7 @@ async fn test_invalid_authorization_header_format() -> anyhow::Result<()> {
 
     let response = token_client.delete::<()>(URL).await;
     assert_snapshot!(response.status(), @"401 Unauthorized");
-    assert_snapshot!(response.text(), @r#"{"errors":[{"detail":"Invalid authorization header"}]}"#);
+    assert_snapshot!(response.text(), @r#"{"errors":[{"detail":"Invalid `Authorization` header: Failed to parse token"}]}"#);
 
     Ok(())
 }
@@ -118,7 +118,7 @@ async fn test_invalid_token_format() -> anyhow::Result<()> {
 
     let response = token_client.delete::<()>(URL).await;
     assert_snapshot!(response.status(), @"401 Unauthorized");
-    assert_snapshot!(response.text(), @r#"{"errors":[{"detail":"Invalid authorization header"}]}"#);
+    assert_snapshot!(response.text(), @r#"{"errors":[{"detail":"Invalid `Authorization` header: Failed to parse token"}]}"#);
 
     Ok(())
 }

Original file line number	Diff line number	Diff line change
`@@ -88,7 +88,7 @@ async fn test_missing_authorization_header() -> anyhow::Result<()> {`
`88`	`88`
`89`	`89`	`let response = client.delete::<()>(URL).await;`
`90`	`90`	`assert_snapshot!(response.status(), @"401 Unauthorized");`
`91`		`- assert_snapshot!(response.text(), @r#"{"errors":[{"detail":"Missing authorization header"}]}"#);`
	`91`	+ assert_snapshot!(response.text(), @r#"{"errors":[{"detail":"Missing `Authorization` header"}]}"#);
`92`	`92`
`93`	`93`	`Ok(())`
`94`	`94`	`}`
`@@ -103,7 +103,7 @@ async fn test_invalid_authorization_header_format() -> anyhow::Result<()> {`
`103`	`103`
`104`	`104`	`let response = token_client.delete::<()>(URL).await;`
`105`	`105`	`assert_snapshot!(response.status(), @"401 Unauthorized");`
`106`		`- assert_snapshot!(response.text(), @r#"{"errors":[{"detail":"Invalid authorization header"}]}"#);`
	`106`	+ assert_snapshot!(response.text(), @r#"{"errors":[{"detail":"Invalid `Authorization` header: Failed to parse token"}]}"#);
`107`	`107`
`108`	`108`	`Ok(())`
`109`	`109`	`}`
`@@ -118,7 +118,7 @@ async fn test_invalid_token_format() -> anyhow::Result<()> {`
`118`	`118`
`119`	`119`	`let response = token_client.delete::<()>(URL).await;`
`120`	`120`	`assert_snapshot!(response.status(), @"401 Unauthorized");`
`121`		`- assert_snapshot!(response.text(), @r#"{"errors":[{"detail":"Invalid authorization header"}]}"#);`
	`121`	+ assert_snapshot!(response.text(), @r#"{"errors":[{"detail":"Invalid `Authorization` header: Failed to parse token"}]}"#);
`122`	`122`
`123`	`123`	`Ok(())`
`124`	`124`	`}`