:( I had to read the code closer. There are actually three different keys, so three 
different codes are required. Modified patch attached.

On Thursday 11 June 2009 17:15:23 Alexey Nezhdanov wrote:
> Hello.
>
> It is more proper to use 401 status code than 400 for 'not authorized'
> case.
>
> http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.2



-- 
Sincerely yours
Alexey Nezhdanov


--- tools.py	2009-06-11 17:10:31.216533525 +0400
+++ tools.401.py	2009-06-11 17:16:54.300531107 +0400
@@ -1136,17 +1136,17 @@
         session = self.environment.session
         auth = session.auth
         if not self.is_logged_in():
-            raise HTTP(400, "Not Authorized")
+            raise HTTP(401, "Not Authorized")
         if user_id == DEFAULT and self.environment.request.args:
             user_id = self.environment.request.args[1]
         if user_id and user_id != self.user.id and user_id != '0':
             if not self.has_permission('impersonate',
                                        self.settings.table_user_name,
                                        user_id):
-                raise HTTP(400, "Not Authorized")
+                raise HTTP(403, "Forbidden")
             user = self.settings.table_user[request.args[1]]
             if not user:
-                raise HTTP(400, "Not Authorized")
+                raise HTTP(401, "Not Authorized")
             auth.impersonator = cPickle.dumps(session)
             auth.user.update(self.settings.table_user._filter_fields(user, True))
             self.user = auth.user
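
Review bot: The last changed line, under `if not user:`, returns 401 for a target record that does not exist, although by that point the caller has already passed `is_logged_in()` and the `has_permission('impersonate', ...)` check. 401 signals missing or invalid credentials, so 404 (or keeping 400) describes this case better. For the first 401, RFC 2616 section 10.4.2 (linked in the thread) requires a WWW-Authenticate header on the response, and none is set on the visible lines. Separately, the permission check uses `user_id` while the lookup uses `request.args[1]`; using `user_id` for both would keep the id that was checked and the id that is impersonated the same.
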
@@ -2032,7 +2032,7 @@
         
         request = self.environment['request']
         if len(request.args) < 1:
-            raise HTTP(400, "Not Authorized")
+            raise HTTP(400, "Bad request")
         arg0 = request.args[0]
         if arg0 == 'run':
             return self.serve_run(request.args[1:])
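
Review bot: The new message "Bad request" on the `len(request.args) < 1` branch is cased differently from the other messages in this patch ("Not Authorized", "Forbidden") and from the standard reason phrase; suggest "Bad Request". Keeping 400 is right for this branch, since missing arguments are a malformed request rather than an authorization failure.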
