Skip to content
Permalink
Browse files

Don't return a 403 when the username is unknown, return a 401.

  • Loading branch information...
m0rgen committed Apr 22, 2010
1 parent 680350b commit 594ad7c19891592ca6beacd4073db596ac5bb146
Showing with 10 additions and 6 deletions.
  1. +5 −3 twext/web2/dav/resource.py
  2. +5 −3 twistedcaldav/extensions.py
@@ -974,6 +974,10 @@ def gotCreds(creds):
# Try to match principals in each principal collection
# on the resource
def gotDetails(details, creds):
if details == (None, None):
log.msg("Could not find the principal resource for user id: %s" % (creds.username,))
raise HTTPError(responsecode.UNAUTHORIZED)

authnPrincipal = IDAVPrincipalResource(details[0])
authzPrincipal = IDAVPrincipalResource(details[1])
return PrincipalCredentials(
@@ -1549,9 +1553,7 @@ def principalsForAuthID(self, request, authid):
authnPrincipal = self.findPrincipalForAuthID(authid)

if authnPrincipal is None:
log.msg("Could not find the principal resource for user id: %s"
% (authid,))
raise HTTPError(responsecode.FORBIDDEN)
return succeed((None, None))

d = self.authorizationPrincipal(request, authid, authnPrincipal)
d.addCallback(lambda authzPrincipal: (authnPrincipal, authzPrincipal))
@@ -131,6 +131,10 @@ def authenticate(self, request):

# Try to match principals in each principal collection on the resource
authnPrincipal, authzPrincipal = (yield self.principalsForAuthID(request, creds))
if (authnPrincipal, authzPrincipal) == (None, None):
log.info("Could not find the principal resource for user id: %s" % (creds.username,))
raise HTTPError(responsecode.UNAUTHORIZED)

authnPrincipal = IDAVPrincipalResource(authnPrincipal)
authzPrincipal = IDAVPrincipalResource(authzPrincipal)

@@ -169,9 +173,7 @@ def principalsForAuthID(self, request, creds):
authnPrincipal = self.findPrincipalForAuthID(creds)

if authnPrincipal is None:
log.info("Could not find the principal resource for user id: %s"
% (creds.username,))
raise HTTPError(responsecode.FORBIDDEN)
return succeed((None, None))

d = self.authorizationPrincipal(request, creds.username, authnPrincipal)
d.addCallback(lambda authzPrincipal: (authnPrincipal, authzPrincipal))

0 comments on commit 594ad7c

Please sign in to comment.
You can’t perform that action at this time.