:( I had to read the code more closely. There are actually three different keys, so three different codes are required. Modified patch attached.
On Thursday 11 June 2009 17:15:23 Alexey Nezhdanov wrote:
> Hello.
>
> It is more proper to use 401 status code than 400 for 'not authorized'
> case.
>
> http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.2

--
Sincerely yours
Alexey Nezhdanov
--- tools.py 2009-06-11 17:10:31.216533525 +0400 +++ tools.401.py 2009-06-11 17:16:54.300531107 +0400 @@ -1136,17 +1136,17 @@ session = self.environment.session auth = session.auth if not self.is_logged_in(): - raise HTTP(400, "Not Authorized") + raise HTTP(401, "Not Authorized") if user_id == DEFAULT and self.environment.request.args: user_id = self.environment.request.args[1] if user_id and user_id != self.user.id and user_id != '0': if not self.has_permission('impersonate', self.settings.table_user_name, user_id): - raise HTTP(400, "Not Authorized") + raise HTTP(403, "Forbidden") user = self.settings.table_user[request.args[1]] if not user: - raise HTTP(400, "Not Authorized") + raise HTTP(401, "Not Authorized") auth.impersonator = cPickle.dumps(session) auth.user.update(self.settings.table_user._filter_fields(user, True)) self.user = auth.user @@ -2032,7 +2032,7 @@ request = self.environment['request'] if len(request.args) < 1: - raise HTTP(400, "Not Authorized") + raise HTTP(400, "Bad request") arg0 = request.args[0] if arg0 == 'run': return self.serve_run(request.args[1:])
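Review bot: In the first hunk (@@ -1136), the `if not user:` branch now raises 401, but by that point `self.is_logged_in()` has already passed, so the failure is that the target user record does not exist, not that the caller lacks credentials. 404 (or 400) describes that case better, leaving 401 for the `is_logged_in()` check only. The RFC 2616 section linked in the thread also requires a 401 response to include a `WWW-Authenticate` header, which `raise HTTP(401, "Not Authorized")` does not set in the visible lines. Separately, the context line `user = self.settings.table_user[request.args[1]]` loads `request.args[1]` while `has_permission('impersonate', ...)` is evaluated against `user_id`; when `user_id` is passed explicitly the two can differ, so the lookup should use `user_id` to keep the permission check and the impersonated record on the same value.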
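Review bot: In the second hunk (@@ -2032), the status code stays 400 and only the message text changes, so this is a wording fix for the `len(request.args) < 1` case rather than part of the 400-to-401 change described in the thread; the patch description should say so. The RFC 2616 reason phrase is "Bad Request" with a capital R, so `raise HTTP(400, "Bad Request")` would match the standard text.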