Using different HTTP status codes in some cases where auth or rights are violated
This commit is contained in:
parent
db708a0853
commit
0c4562c01d
@ -51,9 +51,18 @@ from . import auth, config, ical, log, rights, storage, xmlutils
|
|||||||
|
|
||||||
VERSION = "git"
|
VERSION = "git"
|
||||||
|
|
||||||
# Standard "not allowed" response
|
# Standard "not allowed" response that is returned when an authenticated
|
||||||
|
# user tries to access information they don't have rights to.
|
||||||
NOT_ALLOWED = (
|
NOT_ALLOWED = (
|
||||||
client.FORBIDDEN,
|
client.FORBIDDEN,
|
||||||
|
{},
|
||||||
|
None)
|
||||||
|
|
||||||
|
# Standard "authenticate" response that is returned when a
|
||||||
|
# user tries to access non-public information w/o submitting
|
||||||
|
# proper authentication credentials
|
||||||
|
WRONG_CREDENTIALS = (
|
||||||
|
client.UNAUTHORIZED,
|
||||||
{"WWW-Authenticate": "Basic realm=\"Radicale - Password Required\""},
|
{"WWW-Authenticate": "Basic realm=\"Radicale - Password Required\""},
|
||||||
None)
|
None)
|
||||||
|
|
||||||
@ -284,11 +293,7 @@ class Application(object):
|
|||||||
# Unknown or unauthorized user
|
# Unknown or unauthorized user
|
||||||
log.LOGGER.info(
|
log.LOGGER.info(
|
||||||
"%s refused" % (user or "Anonymous user"))
|
"%s refused" % (user or "Anonymous user"))
|
||||||
status = client.UNAUTHORIZED
|
status, headers, answer = WRONG_CREDENTIALS
|
||||||
headers = {
|
|
||||||
"WWW-Authenticate":
|
|
||||||
"Basic realm=\"Radicale Server - Password Required\""}
|
|
||||||
answer = None
|
|
||||||
|
|
||||||
# Set content length
|
# Set content length
|
||||||
if answer:
|
if answer:
|
||||||
@ -310,7 +315,7 @@ class Application(object):
|
|||||||
def delete(self, environ, read_collections, write_collections, content, user):
|
def delete(self, environ, read_collections, write_collections, content, user):
|
||||||
"""Manage DELETE request."""
|
"""Manage DELETE request."""
|
||||||
if not len(write_collections):
|
if not len(write_collections):
|
||||||
return NOT_ALLOWED
|
return client.PRECONDITION_FAILED, {}, None
|
||||||
|
|
||||||
collection = write_collections[0]
|
collection = write_collections[0]
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user