From ba3f5db59840053c374b5ef4ed481ffe1c11dbd1 Mon Sep 17 00:00:00 2001
From: Garret Alfert
Date: Sun, 8 Dec 2013 22:37:07 +0100
Subject: [PATCH] Change response code for unauthorized access from 403 to 401
---
 lib/remote_storage/riak.rb | 6 +++---
 spec/directories_spec.rb | 4 ++--
 spec/permissions_spec.rb | 36 ++++++++++++++++++------------------
 spec/riak_spec.rb | 12 ++++++------
 4 files changed, 29 insertions(+), 29 deletions(-)
diff --git a/lib/remote_storage/riak.rb b/lib/remote_storage/riak.rb
index 2ef3c39..49d796a 100644
--- a/lib/remote_storage/riak.rb
+++ b/lib/remote_storage/riak.rb
@@ -29,12 +29,12 @@ module RemoteStorage
 authorizations = auth_bucket.get("#{user}:#{token}").data
 permission = directory_permission(authorizations, directory)
- server.halt 403 unless permission
+ server.halt 401 unless permission
 if ["PUT", "DELETE"].include? request_method
- server.halt 403 unless permission == "rw"
+ server.halt 401 unless permission == "rw"
 end
 rescue ::Riak::HTTPFailedRequest
- server.halt 403
+ server.halt 401
 end
 def get_data(user, directory, key)
diff --git a/spec/directories_spec.rb b/spec/directories_spec.rb
index 16124ea..e04eb9a 100644
--- a/spec/directories_spec.rb
+++ b/spec/directories_spec.rb
@@ -376,13 +376,13 @@ describe "Directories" do
 it "does not allow a directory listing of the public root" do
 get "/jimmy/public/"
- last_response.status.must_equal 403
+ last_response.status.must_equal 401
 end
 it "does not allow a directory listing of a sub-directory" do
 get "/jimmy/public/bookmarks/"
- last_response.status.must_equal 403
+ last_response.status.must_equal 401
 end
 end
 end
diff --git a/spec/permissions_spec.rb b/spec/permissions_spec.rb
index 8f13a16..9348dae 100644
--- a/spec/permissions_spec.rb
+++ b/spec/permissions_spec.rb
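Review bot: Each added `server.halt 401` sends a 401 without a `WWW-Authenticate` header, which RFC 7235 (and RFC 6750 for Bearer tokens) requires on every 401 response; if `server` is a Sinatra app the header can be passed to halt, e.g. `server.halt 401, {"WWW-Authenticate" => 'Bearer realm="remoteStorage"'}`, ideally from one small helper so all three call sites stay consistent. Folding all three failure paths into 401 also makes an authenticated token that only lacks write scope (the `permission == "rw"` check on PUT/DELETE) indistinguishable from a missing or unknown token, a case RFC 6750 describes as 403 with `error="insufficient_scope"`; if the protocol this server implements mandates 401 there, a short comment above that check stating so would stop the next reader from "fixing" it back. The `rescue ::Riak::HTTPFailedRequest` branch now reports any Riak request failure as 401, so a backend outage during the `auth_bucket.get` lookup looks to clients like a revoked token; consider re-raising unless the failure is the not-found of that lookup, which presumably is the case the rescue was written for. The enclosing method starts above the hunk.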
@@ -79,10 +79,10 @@ describe "Permissions" do
 end
 context "when not authorized" do
- it "returns a 403 for a key in a top-level directory" do
+ it "returns a 401 for a key in a top-level directory" do
 get "/jimmy/confidential/bar"
- last_response.status.must_equal 403
+ last_response.status.must_equal 401
 end
 end
 end
@@ -105,10 +105,10 @@ describe "Permissions" do
 data_bucket.get("jimmy:contacts:1").data.must_equal "John Doe"
 end
- it "returns a 403 when there are read permissions only" do
+ it "returns a 401 when there are read permissions only" do
 put "/jimmy/documents/foo", "some text"
- last_response.status.must_equal 403
+ last_response.status.must_equal 401
 end
 end
@@ -127,10 +127,10 @@ describe "Permissions" do
 data_bucket.get("jimmy:contacts/family:1").data.must_equal "Bobby Brother"
 end
- it "returns a 403 when there are read permissions only" do
+ it "returns a 401 when there are read permissions only" do
 put "/jimmy/documents/business/1", "some text"
- last_response.status.must_equal 403
+ last_response.status.must_equal 401
 end
 end
@@ -152,10 +152,10 @@ describe "Permissions" do
 end
 context "when not authorized for the corresponding category" do
- it "returns a 403" do
+ it "returns a 401" do
 put "/jimmy/public/documents/foo", "Foo Bar"
- last_response.status.must_equal 403
+ last_response.status.must_equal 401
 end
 end
 end
@@ -233,16 +233,16 @@ describe "Permissions" do
 object.store
 end
- it "returns a 403 for a key in a top-level directory" do
+ it "returns a 401 for a key in a top-level directory" do
 delete "/jimmy/documents/private"
- last_response.status.must_equal 403
+ last_response.status.must_equal 401
 end
- it "returns a 403 for a key in a sub-directory" do
+ it "returns a 401 for a key in a sub-directory" do
 delete "/jimmy/documents/business/foo"
- last_response.status.must_equal 403
+ last_response.status.must_equal 401
 end
 context "public directory" do
@@ -253,10 +253,10 @@ describe "Permissions" do
 object.store
 end
- it "returns a 403" do
+ it "returns a 401" do
 delete "/jimmy/public/documents/foo"
- last_response.status.must_equal 403
+ last_response.status.must_equal 401
 end
 end
 end
@@ -385,13 +385,13 @@ describe "Permissions" do
 it "disallows PUT requests" do
 put "/jimmy/documents/foo", "some text"
- last_response.status.must_equal 403
+ last_response.status.must_equal 401
 end
 it "disallows DELETE requests" do
 delete "/jimmy/documents/very/interesting/text"
- last_response.status.must_equal 403
+ last_response.status.must_equal 401
 end
 context "public directory" do
@@ -411,13 +411,13 @@ describe "Permissions" do
 it "disallows PUT requests" do
 put "/jimmy/public/tasks/foo", "some text"
- last_response.status.must_equal 403
+ last_response.status.must_equal 401
 end
 it "disallows DELETE requests" do
 delete "/jimmy/public/tasks/hello"
- last_response.status.must_equal 403
+ last_response.status.must_equal 401
 end
 end
 end
diff --git a/spec/riak_spec.rb b/spec/riak_spec.rb
index bc3ea04..d140942 100644
--- a/spec/riak_spec.rb
+++ b/spec/riak_spec.rb
@@ -632,26 +632,26 @@ describe "App with Riak backend" do
 end
 describe "GET" do
- it "returns a 403" do
+ it "returns a 401" do
 get "/jimmy/documents/foo"
- last_response.status.must_equal 403
+ last_response.status.must_equal 401
 end
 end
 describe "PUT" do
- it "returns a 403" do
+ it "returns a 401" do
 put "/jimmy/documents/foo", "some text"
- last_response.status.must_equal 403
+ last_response.status.must_equal 401
 end
 end
 describe "DELETE" do
- it "returns a 403" do
+ it "returns a 401" do
 delete "/jimmy/documents/foo"
- last_response.status.must_equal 403
+ last_response.status.must_equal 401
 end
 end
 end