Change response code for unauthorized access from 403 to 401

2013-12-08 22:37:07 +01:00 · 2013-12-08 22:37:07 +01:00 · ba3f5db598
commit ba3f5db598
parent 3dd79e28d3
4 changed files with 29 additions and 29 deletions
--- a/lib/remote_storage/riak.rb
+++ b/lib/remote_storage/riak.rb
@ -29,12 +29,12 @@ module RemoteStorage
      authorizations = auth_bucket.get("#{user}:#{token}").data
      permission = directory_permission(authorizations, directory)
-      server.halt 403 unless permission
+      server.halt 401 unless permission
      if ["PUT", "DELETE"].include? request_method
-        server.halt 403 unless permission == "rw"
+        server.halt 401 unless permission == "rw"
      end
    rescue ::Riak::HTTPFailedRequest
-      server.halt 403
+      server.halt 401
    end
    def get_data(user, directory, key)
--- a/spec/directories_spec.rb
+++ b/spec/directories_spec.rb
@ -376,13 +376,13 @@ describe "Directories" do
        it "does not allow a directory listing of the public root" do
          get "/jimmy/public/"
-          last_response.status.must_equal 403
+          last_response.status.must_equal 401
        end
        it "does not allow a directory listing of a sub-directory" do
          get "/jimmy/public/bookmarks/"
-          last_response.status.must_equal 403
+          last_response.status.must_equal 401
        end
      end
    end
--- a/spec/permissions_spec.rb
+++ b/spec/permissions_spec.rb
@ -79,10 +79,10 @@ describe "Permissions" do
      end
      context "when not authorized" do
-        it "returns a 403 for a key in a top-level directory" do
+        it "returns a 401 for a key in a top-level directory" do
          get "/jimmy/confidential/bar"
-          last_response.status.must_equal 403
+          last_response.status.must_equal 401
        end
      end
    end
@ -105,10 +105,10 @@ describe "Permissions" do
        data_bucket.get("jimmy:contacts:1").data.must_equal "John Doe"
      end
-      it "returns a 403 when there are read permissions only" do
+      it "returns a 401 when there are read permissions only" do
        put "/jimmy/documents/foo", "some text"
-        last_response.status.must_equal 403
+        last_response.status.must_equal 401
      end
    end
@ -127,10 +127,10 @@ describe "Permissions" do
        data_bucket.get("jimmy:contacts/family:1").data.must_equal "Bobby Brother"
      end
-      it "returns a 403 when there are read permissions only" do
+      it "returns a 401 when there are read permissions only" do
        put "/jimmy/documents/business/1", "some text"
-        last_response.status.must_equal 403
+        last_response.status.must_equal 401
      end
    end
@ -152,10 +152,10 @@ describe "Permissions" do
      end
      context "when not authorized for the corresponding category" do
-        it "returns a 403" do
+        it "returns a 401" do
          put "/jimmy/public/documents/foo", "Foo Bar"
-          last_response.status.must_equal 403
+          last_response.status.must_equal 401
        end
      end
    end
@ -233,16 +233,16 @@ describe "Permissions" do
        object.store
      end
-      it "returns a 403 for a key in a top-level directory" do
+      it "returns a 401 for a key in a top-level directory" do
        delete "/jimmy/documents/private"
-        last_response.status.must_equal 403
+        last_response.status.must_equal 401
      end
-      it "returns a 403 for a key in a sub-directory" do
+      it "returns a 401 for a key in a sub-directory" do
        delete "/jimmy/documents/business/foo"
-        last_response.status.must_equal 403
+        last_response.status.must_equal 401
      end
      context "public directory" do
@ -253,10 +253,10 @@ describe "Permissions" do
          object.store
        end
-        it "returns a 403" do
+        it "returns a 401" do
          delete "/jimmy/public/documents/foo"
-          last_response.status.must_equal 403
+          last_response.status.must_equal 401
        end
      end
    end
@ -385,13 +385,13 @@ describe "Permissions" do
      it "disallows PUT requests" do
        put "/jimmy/documents/foo", "some text"
-        last_response.status.must_equal 403
+        last_response.status.must_equal 401
      end
      it "disallows DELETE requests" do
        delete "/jimmy/documents/very/interesting/text"
-        last_response.status.must_equal 403
+        last_response.status.must_equal 401
      end
      context "public directory" do
@ -411,13 +411,13 @@ describe "Permissions" do
        it "disallows PUT requests" do
          put "/jimmy/public/tasks/foo", "some text"
-          last_response.status.must_equal 403
+          last_response.status.must_equal 401
        end
        it "disallows DELETE requests" do
          delete "/jimmy/public/tasks/hello"
-          last_response.status.must_equal 403
+          last_response.status.must_equal 401
        end
      end
    end
--- a/spec/riak_spec.rb
+++ b/spec/riak_spec.rb
@ -632,26 +632,26 @@ describe "App with Riak backend" do
    end
    describe "GET" do
-      it "returns a 403" do
+      it "returns a 401" do
        get "/jimmy/documents/foo"
-        last_response.status.must_equal 403
+        last_response.status.must_equal 401
      end
    end
    describe "PUT" do
-      it "returns a 403" do
+      it "returns a 401" do
        put "/jimmy/documents/foo", "some text"
-        last_response.status.must_equal 403
+        last_response.status.must_equal 401
      end
    end
    describe "DELETE" do
-      it "returns a 403" do
+      it "returns a 401" do
        delete "/jimmy/documents/foo"
-        last_response.status.must_equal 403
+        last_response.status.must_equal 401
      end
    end
  end