[openstreetmap/openstreetmap-website] Return 401 Unauthorized when user is not logged in (#2062)

Andy Allan notifications at github.com
Wed Nov 14 15:28:58 UTC 2018

This PR changes the `require_user` and `deny_access` methods to return 401 Unauthorized to web requests when the user hasn't yet logged in, and updates the affected tests. This brings us better in line with the HTTP specs.

I came across this while doing some more work on CanCanCan refactoring. The `authorize` method, used by all the API actions, has always returned 401 in this situation, so this PR makes the behaviour the same for non-API actions and simplifies some other work-in-progress that I have.

-- Commit Summary --

  * Return 401 Unauthorized instead of 403 Forbidden via CanCanCan when user isn't logged in yet
  * Return 401 Unauthorized instead of 403 Forbidden for web requests when user isn't logged in yet

-- File Changes --

    M app/controllers/application_controller.rb (6)
    M app/controllers/traces_controller.rb (8)
    M test/controllers/diary_entries_controller_test.rb (10)
    M test/controllers/messages_controller_test.rb (4)
    M test/controllers/oauth_clients_controller_test.rb (6)
    M test/controllers/traces_controller_test.rb (6)
    M test/controllers/user_blocks_controller_test.rb (4)
    M test/controllers/user_roles_controller_test.rb (4)
    M test/controllers/users_controller_test.rb (4)
