Adjust status codes of webhook errors

internal/metaerrors/metaerrors_test.go

@@ -31,10 +31,6 @@ func TestMetaError(t *testing.T) {
 		err := errors.New("error message")
 		metaErr := metaerrors.New(err, map[string]string{"key": "value"})
 		assert.Equal(t, "error message [key=value]", metaErr.Error())
-
-		err = errors.New("error message")
-		metaErr = metaerrors.New(err, map[string]string{"key1": "value1", "key2": "value2"})
-		assert.Equal(t, "error message [key1=value1,key2=value2]", metaErr.Error())
 	})
 
 	t.Run("test meta error without metadata", func(t *testing.T) {

server/rpc/auth/webhook.go

@@ -34,6 +34,9 @@ import (
 )
 
 var (
+	// ErrUnauthenticated is returned when the authentication is failed.
+	ErrUnauthenticated = errors.New("unauthenticated")
+
 	// ErrPermissionDenied is returned when the given user is not allowed for the access.
 	ErrPermissionDenied = errors.New("method is not allowed for this user")
 
@@ -45,9 +48,6 @@ var (
 
 	// ErrWebhookTimeout is returned when the webhook does not respond in time.
 	ErrWebhookTimeout = errors.New("webhook timeout")
-
-	// ErrUnauthenticated is returned when the request lacks valid authentication credentials.
-	ErrUnauthenticated = errors.New("request lacks valid authentication credentials")
 )
 
 // verifyAccess verifies the given user is allowed to access the given method.

server/rpc/connecthelper/status.go

@@ -79,12 +79,14 @@ var errorToConnectCode = map[error]connect.Code{
 	converter.ErrUnsupportedCounterType: connect.CodeUnimplemented,
 
 	// Unauthenticated means the request does not have valid authentication
-	auth.ErrUnexpectedStatusCode:   connect.CodeUnauthenticated,
-	auth.ErrUnexpectedResponse:     connect.CodeUnauthenticated,
-	auth.ErrWebhookTimeout:         connect.CodeUnauthenticated,
 	auth.ErrUnauthenticated:        connect.CodeUnauthenticated,
 	database.ErrMismatchedPassword: connect.CodeUnauthenticated,
 
+	// Internal means an internal error occurred.
+	auth.ErrUnexpectedStatusCode: connect.CodeInternal,
+	auth.ErrUnexpectedResponse:   connect.CodeInternal,
+	auth.ErrWebhookTimeout:       connect.CodeInternal,
+
 	// PermissionDenied means the request does not have permission for the operation.
 	auth.ErrPermissionDenied: connect.CodePermissionDenied,
 

test/integration/auth_webhook_test.go

@@ -287,7 +287,7 @@ func TestAuthWebhookErrorHandling(t *testing.T) {
 		assert.NoError(t, err)
 		defer func() { assert.NoError(t, cli.Close()) }()
 		err = cli.Activate(ctx)
-		assert.Equal(t, connect.CodeUnauthenticated, connect.CodeOf(err))
+		assert.Equal(t, connect.CodeInternal, connect.CodeOf(err))
 		assert.Equal(t, connecthelper.CodeOf(auth.ErrUnexpectedStatusCode), converter.ErrorCodeOf(err))
 	})
 
@@ -327,7 +327,7 @@ func TestAuthWebhookErrorHandling(t *testing.T) {
 		assert.NoError(t, err)
 		defer func() { assert.NoError(t, cli.Close()) }()
 		err = cli.Activate(ctx)
-		assert.Equal(t, connect.CodeUnauthenticated, connect.CodeOf(err))
+		assert.Equal(t, connect.CodeInternal, connect.CodeOf(err))
 		assert.Equal(t, connecthelper.CodeOf(auth.ErrUnexpectedResponse), converter.ErrorCodeOf(err))
 	})
 
@@ -356,7 +356,7 @@ func TestAuthWebhookErrorHandling(t *testing.T) {
 		defer func() { assert.NoError(t, cli.Close()) }()
 
 		err = cli.Activate(ctx)
-		assert.Equal(t, connect.CodeUnauthenticated, connect.CodeOf(err))
+		assert.Equal(t, connect.CodeInternal, connect.CodeOf(err))
 		assert.Equal(t, connecthelper.CodeOf(auth.ErrWebhookTimeout), converter.ErrorCodeOf(err))
 	})