API: Make the 401 error format consistent

[ErisDS]

At the moment the error returned from the API when you don't provide authentication is in a different format / structure to other error messages from the API.

There's a super easy way to see what I mean and test it using curl and the authentication/setup endpoint:

curl http://localhost:2368/blog/ghost/api/v0.1/authentication/setup/
{"setup":[{"status":true}]}

curl -X POST http://localhost:2368/blog/ghost/api/v0.1/authentication/setup/
{"errors":[{"message":"Setup has already been completed.","errorType":"NoPermissionError"}]}

curl -X PUT http://localhost:2368/blog/ghost/api/v0.1/authentication/setup/
{"type":"error","message":"Please Sign In","status":"passive"}

The GET and POST requests both return a JSON response in the correct format, GET returns a 200 error with a top level key and some data. POST returns a 403 error with a top level errors key an an error object.

However the PUT request returns a 401 error with an error object without a top level key.

There is a rudimentary explanation of the design principles behind the Ghost API over on the wiki which should shed some more light on what is wrong with this response.

The code generating the response is here: https://github.com/TryGhost/Ghost/blob/master/core/server/middleware/middleware.js#L122

And an example of how errors are sent correctly is here: https://github.com/TryGhost/Ghost/blob/master/core/server/middleware/api-error-handlers.js#L12

This should be a straightforward change, but some testing needs to be done to ensure it gets handled properly by the ember admin application.

[kowsheek]

Are there existing tests for this?

[jxhn]

I think this can be closed, it may just be the PR missing the closes reference?