diff --git a/meilisearch-http/src/extractors/authentication/error.rs b/meilisearch-http/src/extractors/authentication/error.rs index bb78c53d0..7fa0319b8 100644 --- a/meilisearch-http/src/extractors/authentication/error.rs +++ b/meilisearch-http/src/extractors/authentication/error.rs @@ -9,6 +9,8 @@ pub enum AuthenticationError { // Triggered on configuration error. #[error("An internal error has occurred. `Irretrievable state`.")] IrretrievableState, + #[error("Meilisearch is running without a master key. To access this API endpoint, you must have set a master key at launch.")] + MissingMasterKey, } impl ErrorCode for AuthenticationError { @@ -17,6 +19,7 @@ impl ErrorCode for AuthenticationError { AuthenticationError::MissingAuthorizationHeader => Code::MissingAuthorizationHeader, AuthenticationError::InvalidToken => Code::InvalidToken, AuthenticationError::IrretrievableState => Code::Internal, + AuthenticationError::MissingMasterKey => Code::MissingMasterKey, } } } diff --git a/meilisearch-http/src/extractors/authentication/mod.rs b/meilisearch-http/src/extractors/authentication/mod.rs index f6feabbbd..4107a6194 100644 --- a/meilisearch-http/src/extractors/authentication/mod.rs +++ b/meilisearch-http/src/extractors/authentication/mod.rs @@ -48,6 +48,8 @@ impl GuardedData { where P: Policy + 'static, { + let missing_master_key = auth.get_master_key().is_none(); + match Self::authenticate(auth, String::new(), None).await? { Some(filters) => match data { Some(data) => Ok(Self { @@ -55,8 +57,10 @@ impl GuardedData { filters, _marker: PhantomData, }), + None => Err(AuthenticationError::IrretrievableState.into()), }, + None if missing_master_key => Err(AuthenticationError::MissingMasterKey.into()), None => Err(AuthenticationError::MissingAuthorizationHeader.into()), } } diff --git a/meilisearch-http/tests/auth/api_keys.rs b/meilisearch-http/tests/auth/api_keys.rs index 658369802..4e1908257 100644 --- a/meilisearch-http/tests/auth/api_keys.rs +++ b/meilisearch-http/tests/auth/api_keys.rs @@ -1403,10 +1403,10 @@ async fn error_access_api_key_routes_no_master_key_set() { let mut server = Server::new().await; let expected_response = json!({ - "message": "The Authorization header is missing. It must use the bearer authorization method.", - "code": "missing_authorization_header", + "message": "Meilisearch is running without a master key. To access this API endpoint, you must have set a master key at launch.", + "code": "missing_master_key", "type": "auth", - "link": "https://docs.meilisearch.com/errors#missing_authorization_header" + "link": "https://docs.meilisearch.com/errors#missing_master_key" }); let expected_code = 401; diff --git a/meilisearch-types/src/error.rs b/meilisearch-types/src/error.rs index 56ac65f9e..147207aec 100644 --- a/meilisearch-types/src/error.rs +++ b/meilisearch-types/src/error.rs @@ -144,6 +144,7 @@ pub enum Code { InvalidStore, InvalidToken, MissingAuthorizationHeader, + MissingMasterKey, NoSpaceLeftOnDevice, DumpNotFound, TaskNotFound, @@ -231,6 +232,9 @@ impl Code { MissingAuthorizationHeader => { ErrCode::authentication("missing_authorization_header", StatusCode::UNAUTHORIZED) } + MissingMasterKey => { + ErrCode::authentication("missing_master_key", StatusCode::UNAUTHORIZED) + } TaskNotFound => ErrCode::invalid("task_not_found", StatusCode::NOT_FOUND), DumpNotFound => ErrCode::invalid("dump_not_found", StatusCode::NOT_FOUND), NoSpaceLeftOnDevice => {