Don't return error message for 404 errors from json api

misago/api/exceptionhandler.py

@@ -18,7 +18,7 @@ def handle_api_exception(exception, context):
             }
         elif isinstance(exception, Http404):
             response.data = {
-                'detail': six.text_type(exception) or "NOT FOUND",
+                'detail': 'NOT FOUND',
             }
         return response
     else:

misago/api/patch.py

@@ -138,5 +138,4 @@ class ApiPatch(object):
             return six.text_type(exception), 403
 
         if isinstance(exception, Http404):
-            # fixme: don't return exception's message
-            return six.text_type(exception) or "NOT FOUND", 404
+            return 'NOT FOUND', 404

misago/api/tests/test_exceptionhandler.py

@@ -32,26 +32,26 @@ class HandleAPIExceptionTests(TestCase):
         """permission denied exception is correctly handled"""
         response = exceptionhandler.handle_api_exception(PermissionDenied(), None)
         self.assertEqual(response.status_code, 403)
-        self.assertEqual(response.data['detail'], "Permission denied.")
+        self.assertEqual(response.data, {'detail': "Permission denied."})
 
     def test_permission_denied_message(self):
         """permission denied with message is correctly handled"""
         exception = PermissionDenied("You shall not pass!")
         response = exceptionhandler.handle_api_exception(exception, None)
         self.assertEqual(response.status_code, 403)
-        self.assertEqual(response.data['detail'], "You shall not pass!")
+        self.assertEqual(response.data, {'detail': "You shall not pass!"})
 
     def test_not_found(self):
         """exception handler sets NOT FOUND as default message for 404"""
         response = exceptionhandler.handle_api_exception(Http404(), None)
         self.assertEqual(response.status_code, 404)
-        self.assertEqual(response.data['detail'], "NOT FOUND")
+        self.assertEqual(response.data, {'detail': 'NOT FOUND'})
 
     def test_not_found_message(self):
-        """exception handler sets keeps as custom message for 404"""
+        """exception handler hides custom message behind 404 error"""
         response = exceptionhandler.handle_api_exception(Http404("Nada!"), None)
         self.assertEqual(response.status_code, 404)
-        self.assertEqual(response.data['detail'], "Nada!")
+        self.assertEqual(response.data, {'detail': 'NOT FOUND'})
 
     def test_unhandled_exception(self):
         """our exception handler is not interrupting other exceptions"""

misago/api/tests/test_patch_dispatch.py

@@ -47,7 +47,7 @@ class ApiPatchDispatchTests(TestCase):
         # dispatch requires list as an argument
         response = patch.dispatch(MockRequest({}), {})
         self.assertEqual(response.status_code, 400)
-        self.assertEqual(response.data['detail'], "PATCH request should be a list of operations.")
+        self.assertEqual(response.data, {'detail': "PATCH request should be a list of operations."})
 
         # valid dispatch
         response = patch.dispatch(
@@ -98,7 +98,7 @@ class ApiPatchDispatchTests(TestCase):
         )
 
         self.assertEqual(response.status_code, 400)
-        self.assertEqual(response.data['detail'], '"replace" op has to specify path.')
+        self.assertEqual(response.data, {'detail': '"replace" op has to specify path.'})
 
         # op raised validation error
         response = patch.dispatch(
@@ -127,7 +127,7 @@ class ApiPatchDispatchTests(TestCase):
         )
 
         self.assertEqual(response.status_code, 400)
-        self.assertEqual(response.data['detail'], ["invalid data here!"])
+        self.assertEqual(response.data, {'detail': ["invalid data here!"]})
 
         # op raised api validation error
         response = patch.dispatch(
@@ -156,7 +156,7 @@ class ApiPatchDispatchTests(TestCase):
         )
 
         self.assertEqual(response.status_code, 400)
-        self.assertEqual(response.data['detail'], ["invalid api data here!"])
+        self.assertEqual(response.data, {'detail': ["invalid api data here!"]})
 
         # action in dispatch raised perm denied
         response = patch.dispatch(
@@ -185,7 +185,7 @@ class ApiPatchDispatchTests(TestCase):
         )
 
         self.assertEqual(response.status_code, 403)
-        self.assertEqual(response.data['detail'], "yo ain't doing that!")
+        self.assertEqual(response.data, {'detail': "yo ain't doing that!"})
 
         # action in dispatch raised 404
         response = patch.dispatch(
@@ -214,7 +214,7 @@ class ApiPatchDispatchTests(TestCase):
         )
 
         self.assertEqual(response.status_code, 404)
-        self.assertEqual(response.data['detail'], "NOT FOUND")
+        self.assertEqual(response.data, {'detail': 'NOT FOUND'})
 
         # action in dispatch raised 404 with message
         response = patch.dispatch(
@@ -243,4 +243,4 @@ class ApiPatchDispatchTests(TestCase):
         )
 
         self.assertEqual(response.status_code, 404)
-        self.assertEqual(response.data['detail'], "something was removed")
+        self.assertEqual(response.data, {'detail': 'NOT FOUND'})

misago/api/tests/test_patch_dispatch_bulk.py

@@ -230,11 +230,11 @@ class ApiPatchDispatchBulkTests(TestCase):
 
         self.assertEqual(response.status_code, 200)
         self.assertEqual(response.data, [
-            {'id': '5', 'status': '404', 'detail': "NOT FOUND"},
-            {'id': '7', 'status': '404', 'detail': "NOT FOUND"},
+            {'id': '5', 'status': '404', 'detail': 'NOT FOUND'},
+            {'id': '7', 'status': '404', 'detail': 'NOT FOUND'},
         ])
 
-        # action in bulk dispatch raised 404 with message
+        # action in bulk dispatch raises 404 and hides the message
         response = patch.dispatch_bulk(
             MockRequest([
                 {
@@ -263,6 +263,6 @@ class ApiPatchDispatchBulkTests(TestCase):
 
         self.assertEqual(response.status_code, 200)
         self.assertEqual(response.data, [
-            {'id': '5', 'status': '404', 'detail': "something was removed"},
-            {'id': '7', 'status': '404', 'detail': "something was removed"},
+            {'id': '5', 'status': '404', 'detail': 'NOT FOUND'},
+            {'id': '7', 'status': '404', 'detail': 'NOT FOUND'},
         ])

misago/threads/tests/test_thread_patch_api.py

@@ -695,9 +695,7 @@ class ThreadMoveApiTests(ThreadPatchApiTestCase):
             ]
         )
         self.assertEqual(response.status_code, 404)
-        self.assertEqual(response.json(), {
-            'detail': "NOT FOUND"
-        })
+        self.assertEqual(response.json(), {'detail': 'NOT FOUND'})
 
         self.override_other_acl({})
 
@@ -1602,9 +1600,7 @@ class ThreadMarkBestAnswerApiTests(ThreadPatchApiTestCase):
             ]
         )
         self.assertEqual(response.status_code, 404)
-        self.assertEqual(response.json(), {
-            'detail': "No Post matches the given query.",
-        })
+        self.assertEqual(response.json(), {'detail': 'NOT FOUND'})
 
         thread_json = self.get_thread_json()
         self.assertIsNone(thread_json['best_answer'])
@@ -1625,9 +1621,7 @@ class ThreadMarkBestAnswerApiTests(ThreadPatchApiTestCase):
             ]
         )
         self.assertEqual(response.status_code, 404)
-        self.assertEqual(response.json(), {
-            'detail': "NOT FOUND",
-        })
+        self.assertEqual(response.json(), {'detail': 'NOT FOUND'})
 
         thread_json = self.get_thread_json()
         self.assertIsNone(thread_json['best_answer'])
@@ -1648,9 +1642,7 @@ class ThreadMarkBestAnswerApiTests(ThreadPatchApiTestCase):
             ]
         )
         self.assertEqual(response.status_code, 404)
-        self.assertEqual(response.json(), {
-            'detail': "No Post matches the given query.",
-        })
+        self.assertEqual(response.json(), {'detail': 'NOT FOUND'})
 
         thread_json = self.get_thread_json()
         self.assertIsNone(thread_json['best_answer'])
@@ -2151,9 +2143,7 @@ class ThreadUnmarkBestAnswerApiTests(ThreadPatchApiTestCase):
             ]
         )
         self.assertEqual(response.status_code, 404)
-        self.assertEqual(response.json(), {
-            'detail': "No Post matches the given query.",
-        })
+        self.assertEqual(response.json(), {'detail': 'NOT FOUND'})
 
         thread_json = self.get_thread_json()
         self.assertEqual(thread_json['best_answer'], self.best_answer.id)

misago/threads/tests/test_thread_pollcreate_api.py

@@ -29,9 +29,7 @@ class ThreadPollCreateTests(ThreadPollApiTestCase):
 
         response = self.post(api_link)
         self.assertEqual(response.status_code, 404)
-        self.assertEqual(response.json(), {
-            'detail': "NOT FOUND",
-        })
+        self.assertEqual(response.json(), {'detail': 'NOT FOUND'})
 
     def test_nonexistant_thread_id(self):
         """api validates that thread exists"""
@@ -43,9 +41,7 @@ class ThreadPollCreateTests(ThreadPollApiTestCase):
 
         response = self.post(api_link)
         self.assertEqual(response.status_code, 404)
-        self.assertEqual(response.json(), {
-            'detail': "No Thread matches the given query.",
-        })
+        self.assertEqual(response.json(), {'detail': 'NOT FOUND'})
 
     def test_no_permission(self):
         """api validates that user has permission to start poll in thread"""

misago/threads/tests/test_thread_polldelete_api.py

@@ -36,9 +36,7 @@ class ThreadPollDeleteTests(ThreadPollApiTestCase):
 
         response = self.client.delete(api_link)
         self.assertEqual(response.status_code, 404)
-        self.assertEqual(response.json(), {
-            'detail': "NOT FOUND",
-        })
+        self.assertEqual(response.json(), {'detail': 'NOT FOUND'})
 
     def test_nonexistant_thread_id(self):
         """api validates that thread exists"""
@@ -52,9 +50,7 @@ class ThreadPollDeleteTests(ThreadPollApiTestCase):
 
         response = self.client.delete(api_link)
         self.assertEqual(response.status_code, 404)
-        self.assertEqual(response.json(), {
-            'detail': "No Thread matches the given query.",
-        })
+        self.assertEqual(response.json(), {'detail': 'NOT FOUND'})
 
     def test_invalid_poll_id(self):
         """api validates that poll id is integer"""
@@ -68,9 +64,7 @@ class ThreadPollDeleteTests(ThreadPollApiTestCase):
 
         response = self.client.delete(api_link)
         self.assertEqual(response.status_code, 404)
-        self.assertEqual(response.json(), {
-            'detail': "NOT FOUND",
-        })
+        self.assertEqual(response.json(), {'detail': 'NOT FOUND'})
 
     def test_nonexistant_poll_id(self):
         """api validates that poll exists"""
@@ -84,9 +78,7 @@ class ThreadPollDeleteTests(ThreadPollApiTestCase):
 
         response = self.client.delete(api_link)
         self.assertEqual(response.status_code, 404)
-        self.assertEqual(response.json(), {
-            'detail': "NOT FOUND",
-        })
+        self.assertEqual(response.json(), {'detail': 'NOT FOUND'})
 
     def test_no_permission(self):
         """api validates that user has permission to delete poll in thread"""

misago/threads/tests/test_thread_polledit_api.py

@@ -39,9 +39,7 @@ class ThreadPollEditTests(ThreadPollApiTestCase):
 
         response = self.put(api_link)
         self.assertEqual(response.status_code, 404)
-        self.assertEqual(response.json(), {
-            'detail': "NOT FOUND",
-        })
+        self.assertEqual(response.json(), {'detail': 'NOT FOUND'})
 
     def test_nonexistant_thread_id(self):
         """api validates that thread exists"""
@@ -55,9 +53,7 @@ class ThreadPollEditTests(ThreadPollApiTestCase):
 
         response = self.put(api_link)
         self.assertEqual(response.status_code, 404)
-        self.assertEqual(response.json(), {
-            'detail': "No Thread matches the given query.",
-        })
+        self.assertEqual(response.json(), {'detail': 'NOT FOUND'})
 
     def test_invalid_poll_id(self):
         """api validates that poll id is integer"""
@@ -71,9 +67,7 @@ class ThreadPollEditTests(ThreadPollApiTestCase):
 
         response = self.put(api_link)
         self.assertEqual(response.status_code, 404)
-        self.assertEqual(response.json(), {
-            'detail': "NOT FOUND",
-        })
+        self.assertEqual(response.json(), {'detail': 'NOT FOUND'})
 
     def test_nonexistant_poll_id(self):
         """api validates that poll exists"""
@@ -87,9 +81,7 @@ class ThreadPollEditTests(ThreadPollApiTestCase):
 
         response = self.put(api_link)
         self.assertEqual(response.status_code, 404)
-        self.assertEqual(response.json(), {
-            'detail': "NOT FOUND",
-        })
+        self.assertEqual(response.json(), {'detail': 'NOT FOUND'})
 
     def test_no_permission(self):
         """api validates that user has permission to edit poll in thread"""

misago/threads/tests/test_thread_pollvotes_api.py

@@ -99,9 +99,7 @@ class ThreadGetVotesTests(ThreadPollApiTestCase):
 
         response = self.client.get(api_link)
         self.assertEqual(response.status_code, 404)
-        self.assertEqual(response.json(), {
-            'detail': "NOT FOUND",
-        })
+        self.assertEqual(response.json(), {'detail': 'NOT FOUND'})
 
     def test_nonexistant_thread_id(self):
         """api validates that thread exists"""
@@ -115,9 +113,7 @@ class ThreadGetVotesTests(ThreadPollApiTestCase):
 
         response = self.client.get(api_link)
         self.assertEqual(response.status_code, 404)
-        self.assertEqual(response.json(), {
-            'detail': "No Thread matches the given query.",
-        })
+        self.assertEqual(response.json(), {'detail': 'NOT FOUND'})
 
     def test_invalid_poll_id(self):
         """api validates that poll id is integer"""
@@ -131,9 +127,7 @@ class ThreadGetVotesTests(ThreadPollApiTestCase):
 
         response = self.client.get(api_link)
         self.assertEqual(response.status_code, 404)
-        self.assertEqual(response.json(), {
-            'detail': "NOT FOUND",
-        })
+        self.assertEqual(response.json(), {'detail': 'NOT FOUND'})
 
     def test_nonexistant_poll_id(self):
         """api validates that poll exists"""
@@ -147,10 +141,8 @@ class ThreadGetVotesTests(ThreadPollApiTestCase):
 
         response = self.client.get(api_link)
         self.assertEqual(response.status_code, 404)
-        self.assertEqual(response.json(), {
-            'detail': "NOT FOUND",
-        })
-
+        self.assertEqual(response.json(), {'detail': 'NOT FOUND'})
+        
     def test_no_permission(self):
         """api chcecks permission to see poll voters"""
         self.override_acl({'can_always_see_poll_voters': False})

misago/threads/tests/test_thread_reply_api.py

@@ -52,23 +52,17 @@ class ReplyThreadTests(AuthenticatedUserTestCase):
         self.override_acl({'can_see': 0})
         response = self.client.post(self.api_link)
         self.assertEqual(response.status_code, 404)
-        self.assertEqual(response.json(), {
-            'detail': "NOT FOUND",
-        })
+        self.assertEqual(response.json(), {'detail': 'NOT FOUND'})
 
         self.override_acl({'can_browse': 0})
         response = self.client.post(self.api_link)
         self.assertEqual(response.status_code, 404)
-        self.assertEqual(response.json(), {
-            'detail': "NOT FOUND",
-        })
+        self.assertEqual(response.json(), {'detail': 'NOT FOUND'})
 
         self.override_acl({'can_see_all_threads': 0})
         response = self.client.post(self.api_link)
         self.assertEqual(response.status_code, 404)
-        self.assertEqual(response.json(), {
-            'detail': "NOT FOUND",
-        })
+        self.assertEqual(response.json(), {'detail': 'NOT FOUND'})
 
     def test_cant_reply_thread(self):
         """permission to reply thread is validated"""

misago/threads/tests/test_threads_bulkpatch_api.py

@@ -133,9 +133,7 @@ class BulkPatchSerializerTests(ThreadsBulkPatchApiTestCase):
         })
 
         self.assertEqual(response.status_code, 404)
-        self.assertEqual(response.json(), {
-            'detail': "NOT FOUND",
-        })
+        self.assertEqual(response.json(), {'detail': 'NOT FOUND'})
 
     def test_ops_invalid(self):
         """api validates descriptions"""

misago/threads/tests/test_threads_editor_api.py

@@ -309,29 +309,17 @@ class ThreadReplyEditorApiTests(EditorApiTestCase):
         self.override_acl({'can_see': 0})
         response = self.client.get(self.api_link)
         self.assertEqual(response.status_code, 404)
-        self.assertEqual(
-            response.json(), {
-                'detail': 'NOT FOUND',
-            }
-        )
+        self.assertEqual(response.json(), {'detail': 'NOT FOUND'})
 
         self.override_acl({'can_browse': 0})
         response = self.client.get(self.api_link)
         self.assertEqual(response.status_code, 404)
-        self.assertEqual(
-            response.json(), {
-                'detail': 'NOT FOUND',
-            }
-        )
+        self.assertEqual(response.json(), {'detail': 'NOT FOUND'})
 
         self.override_acl({'can_see_all_threads': 0})
         response = self.client.get(self.api_link)
         self.assertEqual(response.status_code, 404)
-        self.assertEqual(
-            response.json(), {
-                'detail': 'NOT FOUND',
-            }
-        )
+        self.assertEqual(response.json(), {'detail': 'NOT FOUND'})
 
     def test_no_reply_permission(self):
         """permssion to reply is validated"""
@@ -403,11 +391,7 @@ class ThreadReplyEditorApiTests(EditorApiTestCase):
 
         response = self.client.get('{}?reply={}'.format(self.api_link, unapproved_reply.pk))
         self.assertEqual(response.status_code, 404)
-        self.assertEqual(
-            response.json(), {
-                'detail': "No Post matches the given query.",
-            }
-        )
+        self.assertEqual(response.json(), {'detail': 'NOT FOUND'})
 
         # hidden reply can't be replied to
         self.override_acl({'can_reply_threads': 1})
@@ -429,11 +413,7 @@ class ThreadReplyEditorApiTests(EditorApiTestCase):
 
         response = self.client.get('{}?reply={}'.format(self.api_link, reply_to.pk))
         self.assertEqual(response.status_code, 404)
-        self.assertEqual(
-            response.json(), {
-                'detail': "No Post matches the given query.",
-            }
-        )
+        self.assertEqual(response.json(), {'detail': 'NOT FOUND'})
 
     def test_reply_to_event(self):
         """events can't be edited"""
@@ -499,29 +479,17 @@ class EditReplyEditorApiTests(EditorApiTestCase):
         self.override_acl({'can_see': 0})
         response = self.client.get(self.api_link)
         self.assertEqual(response.status_code, 404)
-        self.assertEqual(
-            response.json(), {
-                'detail': 'NOT FOUND',
-            }
-        )
+        self.assertEqual(response.json(), {'detail': 'NOT FOUND'})
 
         self.override_acl({'can_browse': 0})
         response = self.client.get(self.api_link)
         self.assertEqual(response.status_code, 404)
-        self.assertEqual(
-            response.json(), {
-                'detail': 'NOT FOUND',
-            }
-        )
+        self.assertEqual(response.json(), {'detail': 'NOT FOUND'})
 
         self.override_acl({'can_see_all_threads': 0})
         response = self.client.get(self.api_link)
         self.assertEqual(response.status_code, 404)
-        self.assertEqual(
-            response.json(), {
-                'detail': 'NOT FOUND',
-            }
-        )
+        self.assertEqual(response.json(), {'detail': 'NOT FOUND'})
 
     def test_no_edit_permission(self):
         """permssion to edit is validated"""
@@ -631,11 +599,7 @@ class EditReplyEditorApiTests(EditorApiTestCase):
 
         response = self.client.get(self.api_link)
         self.assertEqual(response.status_code, 404)
-        self.assertEqual(
-            response.json(), {
-                'detail': "No Post matches the given query.",
-            }
-        )
+        self.assertEqual(response.json(), {'detail': 'NOT FOUND'})
 
         # allow unapproved edition
         self.override_acl({'can_edit_posts': 2, 'can_approve_content': 1})

misago/users/tests/test_auth_api.py

@@ -695,9 +695,7 @@ class ChangePasswordAPITests(TestCase):
 
         response = self.client.post(self.link % self.user.pk)
         self.assertEqual(response.status_code, 404)
-        self.assertEqual(response.json(), {
-            'detail': "No User matches the given query.",
-        })
+        self.assertEqual(response.json(), {'detail': 'NOT FOUND'})
 
     def test_submit_empty(self):
         """change password api errors for empty body"""

misago/users/tests/test_usernamechanges_api.py

@@ -60,7 +60,7 @@ class UsernameChangesApiTests(AuthenticatedUserTestCase):
 
         response = self.client.get('%s?user=abcd' % self.link)
         self.assertEqual(response.status_code, 404)
-        self.assertEqual(response.json(), {'detail': "NOT FOUND"})
+        self.assertEqual(response.json(), {'detail': 'NOT FOUND'})
 
     def test_list_handles_nonexisting_user(self):
         """list raises 404 for invalid user id"""
@@ -70,7 +70,7 @@ class UsernameChangesApiTests(AuthenticatedUserTestCase):
 
         response = self.client.get('%s?user=142141' % self.link)
         self.assertEqual(response.status_code, 404)
-        self.assertEqual(response.json(), {'detail': "No User matches the given query."})
+        self.assertEqual(response.json(), {'detail': 'NOT FOUND'})
 
     def test_list_handles_search(self):
         """list returns found username changes"""