From dc3fbfa7d1861a4bb65fb284228a6ea155ba37a5 Mon Sep 17 00:00:00 2001
From: Brad Bishop <bradleyb@fuzziesquirrel.com>
Date: Thu, 8 Sep 2016 09:51:38 -0400
Subject: Raise 401 for invalid credentials

Change-Id: Ie41b568aa45b1f09b0940e5ee1b3472a46b08db1
Resolves: openbmc/phosphor-rest-server#25
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
---
 module/obmc/wsgi/apps/rest_dbus.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'module/obmc/wsgi/apps')

diff --git a/module/obmc/wsgi/apps/rest_dbus.py b/module/obmc/wsgi/apps/rest_dbus.py
index 246396c..fa4037f 100644
--- a/module/obmc/wsgi/apps/rest_dbus.py
+++ b/module/obmc/wsgi/apps/rest_dbus.py
@@ -41,7 +41,7 @@ def valid_user(session, *a, **kw):
     ''' Authorization plugin callback that checks
     that the user is logged in. '''
     if session is None:
-        abort(403, 'Login required')
+        abort(401, 'Login required')
 
 
 class UserInGroup:
@@ -479,7 +479,7 @@ class SessionHandler(MethodHandler):
             abort(400, self.bad_json_str % (request.json))
 
         if not self.authenticate(*request.parameter_list):
-            return self.bad_passwd_str
+            abort(401, self.bad_passwd_str)
 
         user = request.parameter_list[0]
         session = self.new_session()
-- 
cgit v1.2.1