Posted to commits@allura.apache.org by br...@apache.org on 2014/03/25 15:27:43 UTC

[45/50] git commit: [#6701] Return 401 Unauthorized instead of 403 Forbidden when anonymous access is denied to force client to prompt for auth

[#6701] Return 401 Unauthorized instead of 403 Forbidden when anonymous access is denied to force client to prompt for auth

Signed-off-by: Cory Johns <cj...@slashdotmedia.com>


Project: http://git-wip-us.apache.org/repos/asf/allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/allura/commit/bb8a81bc
Tree: http://git-wip-us.apache.org/repos/asf/allura/tree/bb8a81bc
Diff: http://git-wip-us.apache.org/repos/asf/allura/diff/bb8a81bc

Branch: refs/heads/db/5995
Commit: bb8a81bc4d9796f3e05a789e9003f427a393f0a3
Parents: 4c90eff
Author: Cory Johns <cj...@slashdotmedia.com>
Authored: Wed Mar 19 15:11:50 2014 +0000
Committer: Cory Johns <cj...@slashdotmedia.com>
Committed: Thu Mar 20 18:43:46 2014 +0000

----------------------------------------------------------------------
 scripts/ApacheAccessHandler.py | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/allura/blob/bb8a81bc/scripts/ApacheAccessHandler.py
----------------------------------------------------------------------
diff --git a/scripts/ApacheAccessHandler.py b/scripts/ApacheAccessHandler.py
index 946898b..390dca3 100644
--- a/scripts/ApacheAccessHandler.py
+++ b/scripts/ApacheAccessHandler.py
@@ -128,10 +128,14 @@ def handler(req):
     if not check_repo_path(req):
         return apache.HTTP_NOT_FOUND
 
-    if req.user and not check_authentication(req):
+    authenticated = check_authentication(req)
+    if req.user and not authenticated:
         return apache.HTTP_UNAUTHORIZED
 
-    if not check_permissions(req):
+    authorized = check_permissions(req)
+    if not req.user and not authorized:
+        return apache.HTTP_UNAUTHORIZED
+    elif not authorized:
         return apache.HTTP_FORBIDDEN
 
     return apache.OK
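Review bot: `check_authentication(req)` now runs on every request, anonymous ones included, because hoisting it into `authenticated = check_authentication(req)` drops the short-circuit that the old `req.user and not check_authentication(req)` provided. Its body is not visible in this hunk, but if it contacts the auth backend, every anonymous fetch now triggers a credential check with no username, and any error it raises on empty credentials would surface where it previously could not. Keeping the guard preserves the old call pattern, e.g. `authenticated = bool(req.user) and check_authentication(req)`. The same hoisting of `check_permissions(req)` is harmless, since that call was already unconditional. handler's body starts outside the hunk, so how `req.user` gets populated cannot be confirmed from here.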