Return 403 Forbidden rather than 401 Unauthorized on restricted project

401 Unauthorized requires a WWW-Authenticate header according to the
spec, which is not something that gitphp supports (Basic
authentication). 403 Forbidden technically means that authentication
won't help, but in this case they're talking about basic http
authentication, not app-level authentication.

Also I forgot to map the 401 code to a status header, so that wasn't
even working anyway.

--- a/include/controller/Controller_Message.class.php
+++ b/include/controller/Controller_Message.class.php
@@ -288,6 +288,8 @@
 	private function StatusCodeHeader($code)
 	{
 		switch ($code) {
+			case 403:
+				return '403 Forbidden';
 			case 404:
 				return '404 Not Found';
 			case 500:
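Review bot: the switch still has no `default` branch, so any code not listed (including the 401 the message says was never mapped) will silently fall through and return nothing, which is exactly how the original bug went unnoticed; consider adding a `default:` that returns a generic status string for the code (or at least fails loudly), so an unmapped code is visible rather than producing an empty status header.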

--- a/include/exception/UnauthorizedProjectException.class.php
+++ b/include/exception/UnauthorizedProjectException.class.php
@@ -28,7 +28,7 @@
 		$this->Project = $project;
 		if (empty($message))
 			$message = sprintf('You are not authorized to access project %1$s', $project);
-		parent::__construct($message, true, 401, $code); 
+		parent::__construct($message, true, 403, $code); 
 	}
 }
 
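Review bot: the `+` line carries over the trailing whitespace after `;` from the removed line; strip it while the line is being touched. Also, `$message` interpolates the project name into the response text via `sprintf('You are not authorized to access project %1$s', $project)`; the hunk does not show how the message is rendered, so confirm that the output path HTML-escapes it (and any caller-supplied `$message`) before it reaches the page.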
