Hello.
It is more appropriate to use the 401 status code rather than 400 for the 'not authorized' case.
http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.2
--
Sincerely yours
Alexey Nezhdanov
--- tools.py 2009-06-11 17:10:31.216533525 +0400
+++ tools.401.py 2009-06-11 17:10:41.856530678 +0400
@@ -1136,17 +1136,17 @@
session = self.environment.session
auth = session.auth
if not self.is_logged_in():
- raise HTTP(400, "Not Authorized")
+ raise HTTP(401, "Not Authorized")
if user_id == DEFAULT and self.environment.request.args:
user_id = self.environment.request.args[1]
if user_id and user_id != self.user.id and user_id != '0':
if not self.has_permission('impersonate',
self.settings.table_user_name,
user_id):
- raise HTTP(400, "Not Authorized")
+ raise HTTP(401, "Not Authorized")
user = self.settings.table_user[request.args[1]]
if not user:
- raise HTTP(400, "Not Authorized")
+ raise HTTP(401, "Not Authorized")
auth.impersonator = cPickle.dumps(session)
auth.user.update(self.settings.table_user._filter_fields(user, True))
self.user = auth.user
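Review bot: The second and third raises in this hunk are reached only after `is_logged_in()` has passed, so they are authorization failures and 403 fits them better than 401; only the first raise is an authentication failure. The RFC section cited in the message also requires a 401 response to carry a `WWW-Authenticate` header, which `HTTP(401, "Not Authorized")` as written here does not visibly set. Suggested for the `has_permission('impersonate', ...)` and `if not user:` branches: `raise HTTP(403, "Not Authorized")`, using the same status for both so the response does not reveal whether the target user exists. Separately, the permission check is made against `user_id` but the record is loaded with `request.args[1]`, so when a caller passes `user_id` explicitly the checked and impersonated ids can differ; `user = self.settings.table_user[user_id]` would keep check and use on the same value. The enclosing method starts and ends outside the hunk and indentation is lost in this rendering, so the nesting is inferred.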
@@ -2032,7 +2032,7 @@
request = self.environment['request']
if len(request.args) < 1:
- raise HTTP(400, "Not Authorized")
+ raise HTTP(401, "Not Authorized")
arg0 = request.args[0]
if arg0 == 'run':
return self.serve_run(request.args[1:])
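Review bot: An empty `request.args` is a malformed request rather than a missing credential, so switching this raise to 401 makes the status less accurate; keeping 400 with a matching message, e.g. `raise HTTP(400, "Bad Request")`, describes it better. A 401 here tells clients to retry with credentials for a request that cannot succeed however they authenticate, and it would again need a `WWW-Authenticate` header. No authentication or permission check is visible in this hunk, and the method body continues outside it.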