Update API status codes (#2353)

* Update HTTP status codes

* Catch JSON parsing errors.

Author: mikejolley

assets/js/data/shared-controls.js

@@ -1,6 +1,7 @@
 /**
  * External dependencies
  */
+import { __ } from '@wordpress/i18n';
 import triggerFetch from '@wordpress/api-fetch';
 
 /**
@@ -18,6 +19,17 @@ export const apiFetchWithHeaders = ( options ) => {
 	};
 };
 
+/**
+ * Error thrown when JSON cannot be parsed.
+ */
+const invalidJsonError = {
+	code: 'invalid_json',
+	message: __(
+		'The response is not a valid JSON response.',
+		'woo-gutenberg-products-block'
+	),
+};
+
 /**
  * Default export for registering the controls with the store.
  *
@@ -29,17 +41,30 @@ export const controls = {
 		return new Promise( ( resolve, reject ) => {
 			triggerFetch( { ...options, parse: false } )
 				.then( ( fetchResponse ) => {
-					fetchResponse.json().then( ( response ) => {
-						resolve( { response, headers: fetchResponse.headers } );
-						triggerFetch.setNonce( fetchResponse.headers );
-					} );
+					fetchResponse
+						.json()
+						.then( ( response ) => {
+							resolve( {
+								response,
+								headers: fetchResponse.headers,
+							} );
+							triggerFetch.setNonce( fetchResponse.headers );
+						} )
+						.catch( () => {
+							reject( invalidJsonError );
+						} );
 				} )
 				.catch( ( errorResponse ) => {
 					if ( typeof errorResponse.json === 'function' ) {
 						// Parse error response before rejecting it.
-						errorResponse.json().then( ( error ) => {
-							reject( error );
-						} );
+						errorResponse
+							.json()
+							.then( ( error ) => {
+								reject( error );
+							} )
+							.catch( () => {
+								reject( invalidJsonError );
+							} );
 					} else {
 						reject( errorResponse.message );
 					}

src/StoreApi/Routes/AbstractRoute.php

@@ -106,7 +106,7 @@ protected function check_nonce( \WP_REST_Request $request ) {
 		}
 
 		if ( null === $nonce ) {
-			throw new RouteException( 'woocommerce_rest_missing_nonce', __( 'Missing the X-WC-Store-API-Nonce header. This endpoint requires a valid nonce.', 'woo-gutenberg-products-block' ), 403 );
+			throw new RouteException( 'woocommerce_rest_missing_nonce', __( 'Missing the X-WC-Store-API-Nonce header. This endpoint requires a valid nonce.', 'woo-gutenberg-products-block' ), 401 );
 		}
 
 		$valid_nonce = wp_verify_nonce( $nonce, 'wc_store_api' );

src/StoreApi/Routes/CartRemoveCoupon.php

@@ -63,7 +63,7 @@ protected function get_route_post_response( \WP_REST_Request $request ) {
 		$coupon      = new \WC_Coupon( $coupon_code );
 
 		if ( $coupon->get_code() !== $coupon_code || ! $coupon->is_valid() ) {
-			throw new RouteException( 'woocommerce_rest_cart_coupon_error', __( 'Invalid coupon code.', 'woo-gutenberg-products-block' ), 403 );
+			throw new RouteException( 'woocommerce_rest_cart_coupon_error', __( 'Invalid coupon code.', 'woo-gutenberg-products-block' ), 400 );
 		}
 
 		if ( ! $controller->has_coupon( $coupon_code ) ) {

src/StoreApi/Routes/CartSelectShippingRate.php

@@ -64,7 +64,7 @@ protected function get_route_post_response( \WP_REST_Request $request ) {
 		}
 
 		if ( ! isset( $request['package_id'] ) || ! is_numeric( $request['package_id'] ) ) {
-			throw new RouteException( 'woocommerce_rest_cart_missing_package_id', __( 'Invalid Package ID.', 'woo-gutenberg-products-block' ), 403 );
+			throw new RouteException( 'woocommerce_rest_cart_missing_package_id', __( 'Invalid Package ID.', 'woo-gutenberg-products-block' ), 400 );
 		}
 
 		$controller = new CartController();

src/StoreApi/Utilities/CartController.php

@@ -64,7 +64,7 @@ public function add_to_cart( $request ) {
 						__( '"%s" is already inside your cart.', 'woo-gutenberg-products-block' ),
 						$product->get_name()
 					),
-					403
+					400
 				);
 			}
 			wc()->cart->set_quantity( $existing_cart_id, $request['quantity'] + wc()->cart->cart_contents[ $existing_cart_id ]['quantity'], true );
@@ -133,7 +133,7 @@ public function set_cart_item_quantity( $item_id, $quantity = 1 ) {
 					__( '"%s" is already inside your cart.', 'woo-gutenberg-products-block' ),
 					$product->get_name()
 				),
-				403
+				400
 			);
 		}
 
@@ -161,7 +161,7 @@ public function validate_add_to_cart( \WC_Product $product, $request ) {
 					__( 'You cannot add "%s" to the cart because the product is out of stock.', 'woo-gutenberg-products-block' ),
 					$product->get_name()
 				),
-				403
+				400
 			);
 		}
 
@@ -178,7 +178,7 @@ public function validate_add_to_cart( \WC_Product $product, $request ) {
 						$product->get_name(),
 						wc_format_stock_quantity_for_display( $qty_remaining, $product )
 					),
-					403
+					400
 				);
 			}
 		}
@@ -270,7 +270,7 @@ public function validate_cart_item( $cart_item ) {
 					__( 'There are too many "%s" in the cart. Only 1 can be purchased.', 'woo-gutenberg-products-block' ),
 					$product->get_name()
 				),
-				403
+				400
 			);
 		}
 
@@ -282,7 +282,7 @@ public function validate_cart_item( $cart_item ) {
 					__( '"%s" is out of stock and cannot be purchased.', 'woo-gutenberg-products-block' ),
 					$product->get_name()
 				),
-				403
+				400
 			);
 		}
 
@@ -304,7 +304,7 @@ public function validate_cart_item( $cart_item ) {
 						wc_format_stock_quantity_for_display( $qty_remaining, $product ),
 						$product->get_name()
 					),
-					403
+					400
 				);
 			}
 		}
@@ -518,7 +518,7 @@ public function apply_coupon( $coupon_code ) {
 					__( '"%s" is an invalid coupon code.', 'woo-gutenberg-products-block' ),
 					esc_html( $coupon_code )
 				),
-				403
+				400
 			);
 		}
 
@@ -530,15 +530,15 @@ public function apply_coupon( $coupon_code ) {
 					__( 'Coupon code "%s" has already been applied.', 'woo-gutenberg-products-block' ),
 					esc_html( $coupon_code )
 				),
-				403
+				400
 			);
 		}
 
 		if ( ! $coupon->is_valid() ) {
 			throw new RouteException(
 				'woocommerce_rest_cart_coupon_error',
 				wp_strip_all_tags( $coupon->get_error_message() ),
-				403
+				400
 			);
 		}
 
@@ -561,7 +561,7 @@ function( $code ) {
 						__( '"%s" has already been applied and cannot be used in conjunction with other coupons.', 'woo-gutenberg-products-block' ),
 						$code
 					),
-					403
+					400
 				);
 			}
 		}
@@ -654,7 +654,7 @@ protected function get_product_for_cart( $request ) {
 			throw new RouteException(
 				'woocommerce_rest_cart_invalid_product',
 				__( 'This product cannot be added to the cart.', 'woo-gutenberg-products-block' ),
-				403
+				400
 			);
 		}
 
@@ -696,7 +696,7 @@ protected function throw_default_product_exception( \WC_Product $product ) {
 				__( '"%s" is not available for purchase.', 'woo-gutenberg-products-block' ),
 				$product->get_name()
 			),
-			403
+			400
 		);
 	}
 
@@ -903,7 +903,7 @@ protected function get_variable_product_attributes( $product ) {
 			throw new RouteException(
 				'woocommerce_rest_cart_invalid_parent_product',
 				__( 'This product cannot be added to the cart.', 'woo-gutenberg-products-block' ),
-				403
+				400
 			);
 		}
 

src/StoreApi/Utilities/ReserveStock.php

@@ -90,7 +90,7 @@ function( $item ) {
 							__( '"%s" is out of stock and cannot be purchased.', 'woo-gutenberg-products-block' ),
 							$product->get_name()
 						),
-						403
+						400
 					);
 				}
 
@@ -184,7 +184,7 @@ private function reserve_stock_for_product( $product_id, $stock_quantity, \WC_Or
 					__( 'Not enough units of %s are available in stock to fulfil this order.', 'woo-gutenberg-products-block' ),
 					$product ? $product->get_name() : '#' . $product_id
 				),
-				403
+				400
 			);
 		}
 	}

src/StoreApi/docs/cart.md

@@ -259,7 +259,7 @@ If a cart action cannot be performed, an error response will be returned. This w
   "code": "woocommerce_rest_cart_invalid_product",
   "message": "This product cannot be added to the cart.",
   "data": {
-    "status": 403
+    "status": 400
   }
 }
 ```

tests/php/StoreApi/Routes/Cart.php

@@ -332,7 +332,7 @@ public function test_remove_coupon() {
 		);
 		$response = $this->server->dispatch( $request );
 		$data     = $response->get_data();
-		$this->assertEquals( 403, $response->get_status() );
+		$this->assertEquals( 400, $response->get_status() );
 
 		// Applied coupon.
 		$request = new WP_REST_Request( 'POST', '/wc/store/cart/remove-coupon' );

tests/php/StoreApi/Routes/CartItems.php

@@ -148,7 +148,7 @@ public function test_invalid_create_item() {
 		);
 		$response = $this->server->dispatch( $request );
 
-		$this->assertEquals( 403, $response->get_status() );
+		$this->assertEquals( 400, $response->get_status() );
 	}
 
 	/**