Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

confusion on unauthorized versus unauthenticated. #121

Closed
jwag956 opened this issue Jul 3, 2019 · 1 comment
Closed

confusion on unauthorized versus unauthenticated. #121

jwag956 opened this issue Jul 3, 2019 · 1 comment
Assignees
@jwag956
Labels
bug

Comments

@jwag956
Copy link
Collaborator

jwag956 commented Jul 3, 2019
edited
Loading

Today, FS only as a single callback: _security._unauthorized_callback
which is used in both the 'not authenticated' @auth_required case as well as the
unauthorized case @role_required.
The first should return a 401 ,
the second a 403 (Forbidden).

Probably the easiest backward compatible thing is to introduce a new unauthenticated_callback and if that is set - call it.

Also - only FlaskLogin's unauthorized handler does all the appropriate things to redirect to a login view - FS's just returns some lame html....
@jwag956 jwag956 added the bug label Jul 3, 2019
@jwag956 jwag956 changed the title confusion on unauthorized versus unauthenticated confusion on unauthorized versus unauthenticated. Jul 10, 2019
@jwag956 jwag956 self-assigned this Aug 3, 2019
@jwag956
Copy link
Collaborator Author

jwag956 commented Aug 5, 2019

fixed by pr #152

@jwag956 jwag956 closed this as completed Aug 5, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jwag956 jwag956

Labels
bug
Milestone
No milestone
Development

No branches or pull requests
1 participant
@jwag956