fix(auth): return HTTP 401 for token-auth failures (#13420)

Follow-up to #12488 #13386

### What problem does this PR solve?

Previously, token authentication failures returned HTTP 200 with an
error code in the response body.

This PR updates `token_required` to raise `Unauthorized` and relies on
the global error handler to return a structured JSON response with HTTP
401 status.

The response body structure (`code`, `message`, `data`) remains
unchanged to preserve compatibility with the official SDK.

Frontend logic has been updated to handle HTTP 401 responses in addition
to checking `data.code`.

### Type of change

- [x] Bug Fix (non-breaking change which fixes an issue)
OliverW
2026-03-06 18:18:14 +08:00
committed by GitHub
parent 51be1f1442
commit 3ed91345aa
7 changed files with 106 additions and 49 deletions


@ -108,15 +108,14 @@ def test_module_init_and_unauthorized_message_variants(monkeypatch):
def __repr__(self):
return "Unauthorized 401 from upstream"
class _OtherRepr:
def __repr__(self):
return "Forbidden 403"
class _WithDescription:
description = "Custom description"
assert apps_module._unauthorized_message(None) == apps_module.UNAUTHORIZED_MESSAGE
assert apps_module._unauthorized_message(_BrokenRepr()) == apps_module.UNAUTHORIZED_MESSAGE
assert apps_module._unauthorized_message(_ExactUnauthorizedRepr()) == apps_module.UNAUTHORIZED_MESSAGE
assert apps_module._unauthorized_message(_Unauthorized401Repr()) == "Unauthorized 401 from upstream"
assert apps_module._unauthorized_message(_OtherRepr()) == apps_module.UNAUTHORIZED_MESSAGE
assert apps_module._unauthorized_message(_WithDescription()) == "Custom description"
@pytest.mark.p2
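Review bot: the `_Unauthorized401Repr` assertion pins `_unauthorized_message` to returning the object's repr verbatim ("Unauthorized 401 from upstream"), and the `_WithDescription` case does the same for `description`. If this string becomes the `message` field of the 401 body, then text produced by an upstream error reaches the client unchanged. Please add a comment in the test stating that this passthrough is intended and what bounds it. Alternatively, add a case showing that a repr with extra detail beyond the "Unauthorized 401" marker falls back to `UNAUTHORIZED_MESSAGE`, as `_OtherRepr` and `_BrokenRepr` already do. Separately, every assertion in this hunk covers only the message helper. A check that a `token_required` failure actually produces status 401 with the `code`, `message`, `data` body would tie the test to the behaviour the commit message describes, if it is not already covered in one of the other changed files.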