From aac493ad2fde85bd5a1d17c043e274ec85aa3a7f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Adri=C3=A0=20Casaj=C3=BAs?=
 <acasajus@users.noreply.github.com>
Date: Tue, 28 Jun 2022 14:40:06 +0200
Subject: [PATCH] Update docs and error message for sudo route (#1117)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* Update docs and error message for sudo route

* Fix

Co-authored-by: Adrià Casajús <adria.casajus@proton.ch>
---
 app/api/views/sudo.py |  4 ++--
 docs/api.md           | 12 ++++++++++--
 2 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/app/api/views/sudo.py b/app/api/views/sudo.py
index 04806f82..a6bb6e33 100644
--- a/app/api/views/sudo.py
+++ b/app/api/views/sudo.py
@@ -17,9 +17,9 @@ def enter_sudo():
     user = g.user
     data = request.get_json() or {}
     if "password" not in data:
-        return jsonify(error="Invalid request"), 403
+        return jsonify(error="Invalid password"), 403
     if not user.check_password(data["password"]):
-        return jsonify(error="Invalid request"), 403
+        return jsonify(error="Invalid password"), 403
 
     g.api_key.sudo_mode_at = arrow.now()
     Session.commit()
diff --git a/docs/api.md b/docs/api.md
index 79a5fc33..a9f260de 100644
--- a/docs/api.md
+++ b/docs/api.md
@@ -10,7 +10,7 @@
 - [POST /api/auth/reactivate](##post-apiauthreactivate): Request a new activation code.
 - [POST /api/auth/forgot_password](#post-apiauthforgot_password): Request reset password link.
 - [GET /api/user_info](#get-apiuser_info): Get user's information.
-- [PATCH /api/sudo](#patch-apiuser_sudo): Enable sudo mode.
+- [PATCH /api/sudo](#patch-apisudo): Enable sudo mode.
 - [PATCH /api/user_info](#patch-apiuser_info): Update user's information.
 - [POST /api/api_key](#post-apiapi_key): Create a new API key.
 - [GET /api/logout](#get-apilogout): Log out.
@@ -229,11 +229,19 @@ Enable sudo mode
 
 Input:
 
+- `Authentication` header that contains the api key
 - password: User password to validate the user presence and enter sudo mode
 
+```json
+{
+  "password": "yourpassword"
+}
+```
+
 Output: 
 
-- ok: True if sudo mode has been enabled
+- 200 with ```{"ok": true}``` if sudo mode has been enabled.
+- 403 with ```{"error": "Some error"}``` if there is an error.
 
 #### POST /api/api_key