Don't return a 403 when the username is unknown, return a 401.

git-svn-id: https://svn.calendarserver.org/repository/calendarserver/CalendarServer/trunk@5509 e27351fd-9f3e-4f54-a53b-843176b1656c
apple · Apr 22, 2010 · 594ad7c · 594ad7c
1 parent 680350b
commit 594ad7c
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 6 deletions.
diff --git a/twext/web2/dav/resource.py b/twext/web2/dav/resource.py
@@ -974,6 +974,10 @@ def gotCreds(creds):
                 # Try to match principals in each principal collection
                 # on the resource
                 def gotDetails(details, creds):
+                    if details == (None, None):
+                        log.msg("Could not find the principal resource for user id: %s" % (creds.username,))
+                        raise HTTPError(responsecode.UNAUTHORIZED)
+
                     authnPrincipal = IDAVPrincipalResource(details[0])
                     authzPrincipal = IDAVPrincipalResource(details[1])
                     return PrincipalCredentials(
@@ -1549,9 +1553,7 @@ def principalsForAuthID(self, request, authid):
         authnPrincipal = self.findPrincipalForAuthID(authid)
 
         if authnPrincipal is None:
-            log.msg("Could not find the principal resource for user id: %s"
-                    % (authid,))
-            raise HTTPError(responsecode.FORBIDDEN)
+            return succeed((None, None))
 
         d = self.authorizationPrincipal(request, authid, authnPrincipal)
         d.addCallback(lambda authzPrincipal: (authnPrincipal, authzPrincipal))

diff --git a/twistedcaldav/extensions.py b/twistedcaldav/extensions.py
@@ -131,6 +131,10 @@ def authenticate(self, request):
 
                 # Try to match principals in each principal collection on the resource
                 authnPrincipal, authzPrincipal = (yield self.principalsForAuthID(request, creds))
+                if (authnPrincipal, authzPrincipal) == (None, None):
+                    log.info("Could not find the principal resource for user id: %s" % (creds.username,))
+                    raise HTTPError(responsecode.UNAUTHORIZED)
+
                 authnPrincipal = IDAVPrincipalResource(authnPrincipal)
                 authzPrincipal = IDAVPrincipalResource(authzPrincipal)
 
@@ -169,9 +173,7 @@ def principalsForAuthID(self, request, creds):
         authnPrincipal = self.findPrincipalForAuthID(creds)
 
         if authnPrincipal is None:
-            log.info("Could not find the principal resource for user id: %s"
-                     % (creds.username,))
-            raise HTTPError(responsecode.FORBIDDEN)
+            return succeed((None, None))
 
         d = self.authorizationPrincipal(request, creds.username, authnPrincipal)
         d.addCallback(lambda authzPrincipal: (authnPrincipal, authzPrincipal))