* Server sends now 403 (Forbidden) instead of 401 (Authorisation requ…

…ired) if not logged in (#fixes w#740)

app/config/routing.xml

@@ -13,6 +13,7 @@
 
 				<route name=".login" pattern="^/login" action="%actions.login_action%">
 					<route name=".provider" pattern="^/json" module="%actions.default_module%" action="Login.AjaxLogin" output_type="json"/>
+					<route name=".check" pattern="^/check" module="%actions.default_module%" action="Login.LoginCheck" output_type="simple"/>
 				</route>
 
 				<route name=".logout" pattern="^/logout" action="Logout"/>

app/modules/AppKit/cache/Login/LoginCheck.xml

@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<ae:configurations xmlns:ae="http://agavi.org/agavi/config/global/envelope/1.0" xmlns="http://agavi.org/agavi/config/parts/caching/1.0">
+	<ae:configuration>
+		<caching enabled="false">
+		</caching>
+	</ae:configuration>
+</ae:configurations>

app/modules/AppKit/config/auth.xml

@@ -184,7 +184,7 @@
 				* Allow authenticate requests, set auth_authoritative true
 			-->
 
-			<ae:parameter name="auth_enable">false</ae:parameter>
+			<ae:parameter name="auth_enable">true</ae:parameter>
 			<ae:parameter name="auth_authoritative">true</ae:parameter>
 
 			<!--

app/modules/AppKit/lib/js/AppKitUtil.js

@@ -84,7 +84,7 @@ AppKit.util = (function() {
 			var t={};
 			Ext.Ajax.on('requestexception', function(conn, response, options) {
 				if (!options.url.match(/\/login/)) {
-					if (response.status == '401') {
+					if (response.status == '403') {
 						if (Ext.isEmpty(this.wflag)) {
 							this.wflag=true;
 

app/modules/AppKit/models/Auth/Provider/HTTPBasicAuthenticationModel.class.php

@@ -28,6 +28,7 @@ class AppKit_Auth_Provider_HTTPBasicAuthenticationModel extends AppKitAuthProvid
 
 	public function doAuthenticate(NsmUser $user, $password) {
 		$tuser = $this->loadUserByDQL($user->user_name);
+
 		if ($tuser && $tuser instanceof NsmUser && $user->user_name == $this->getAuthName()) {
 			return true;
 		}

app/modules/AppKit/templates/Login/AjaxLoginSuccess.php

@@ -42,7 +42,7 @@
 				inputType: 'password',
 				name: 'password',
 				id: 'password',
-				allowBlank: false
+				allowBlank: true
 			}],
 
 			listeners: {

app/modules/AppKit/validate/Login/AjaxLogin.xml

@@ -22,7 +22,7 @@
 					</ae:parameters>
 			</validator>
 
-			<validator class="string" name="password_length" required="true">
+			<validator class="string" name="password_length" required="false">
 					<arguments>
 						<argument>password</argument>
 					</arguments>
@@ -32,7 +32,7 @@
 					</errors>
 					<ae:parameters>
 						<ae:parameter name="max">80</ae:parameter>
-						<ae:parameter name="min">3</ae:parameter>
+						<ae:parameter name="min">0</ae:parameter>
 					</ae:parameters>
 			</validator>
 

app/modules/AppKit/views/Login/AjaxLoginSuccessView.class.php

@@ -7,7 +7,7 @@ public function executeHtml(AgaviRequestDataHolder $rd)
 		$this->setupHtml($rd);
 
 		if ($this->getContext()->getUser()->isAuthenticated() !== true) {
-			$this->getResponse()->setHttpStatusCode('401');
+			$this->getResponse()->setHttpStatusCode('403');
 		}
 
 		$this->setAttribute('message', false);
@@ -45,7 +45,7 @@ public function executeJson(AgaviRequestDataHolder $rd) {
 		}
 		else {
 			$errors['username'] = 'Login failed!';
-			$this->getResponse()->setHttpStatusCode('401');
+			$this->getResponse()->setHttpStatusCode('403');
 		}
 
 		return json_encode(array(

app/modules/AppKit/views/Login/SilentAuthSuccessView.class.php

@@ -1,8 +1,12 @@
 <?php
 
 class AppKit_Login_SilentAuthSuccessView extends AppKitBaseView {
+		public function executeJson(AgaviRequestDataHolder $rd) {
+			return $this->executeHtml($rd);
+
+		}
 
-	public function executeHtml(AgaviRequestDataHolder $rd) {
+		public function executeHtml(AgaviRequestDataHolder $rd) {
 
 		if ($this->getAttribute('authenticated', false) == true) {