summaryrefslogtreecommitdiffstats
path: root/application
diff options
context:
space:
mode:
authorFlorian Pritz <bluewind@xinu.at>2016-07-29 11:17:06 +0200
committerFlorian Pritz <bluewind@xinu.at>2016-07-29 11:17:06 +0200
commit2e7269f566a0204dbc83d6c8f423886e27d60363 (patch)
treecd6dc0497039b2959a8ebb2fb8ca6e510a681e3f /application
parent0db79529d129dd4fe1e9b7bf823e07510c806bd4 (diff)
Return 403 instead of 401 for missing authentication
According to the RFC this is only useful for services that use HTTP's built in authentication schemes. We don't so we can't use this code. References: https://tools.ietf.org/html/rfc7235 Signed-off-by: Florian Pritz <bluewind@xinu.at>
Diffstat (limited to 'application')
-rw-r--r--application/controllers/user.php2
-rw-r--r--application/exceptions/NotAuthenticatedException.php2
2 files changed, 2 insertions, 2 deletions
diff --git a/application/controllers/user.php b/application/controllers/user.php
index ab411d7d2..891ef9451 100644
--- a/application/controllers/user.php
+++ b/application/controllers/user.php
@@ -38,7 +38,7 @@ class User extends MY_Controller {
if ($this->muser->login($username, $password)) {
$this->output->set_status_header(204);
} else {
- $this->output->set_status_header(401);
+ $this->output->set_status_header(403);
}
}
diff --git a/application/exceptions/NotAuthenticatedException.php b/application/exceptions/NotAuthenticatedException.php
index de26318d8..99ddd82fc 100644
--- a/application/exceptions/NotAuthenticatedException.php
+++ b/application/exceptions/NotAuthenticatedException.php
@@ -9,6 +9,6 @@ namespace exceptions;
class NotAuthenticatedException extends UserInputException {
public function get_http_error_code()
{
- return 401;
+ return 403;
}
}