Change non logged in 403s to 401s.

2014-03-19 13:57:36 -04:00 · 2014-03-19 13:57:36 -04:00 · 6fc369bed2
commit 6fc369bed2
parent 7bd4b9a71c
5 changed files with 163 additions and 158 deletions
--- a/endpoints/api/init.py
+++ b/endpoints/api/init.py
@ -57,7 +57,12 @@ class InvalidToken(ApiException):

 class Unauthorized(ApiException):
  def __init__(self, payload=None):
-    ApiException.__init__(self, 'insufficient_scope', 403, 'Unauthorized', payload)
+    user = get_authenticated_user()
+    if user is None or user.organization:
+      ApiException.__init__(self, 'invalid_token', 401, "Requires authentication", payload)
+    else:
+      ApiException.__init__(self, 'insufficient_scope', 403, 'Unauthorized', payload)
+


 class NotFound(ApiException):
@ -190,8 +195,7 @@ def require_user_permission(permission_class, scope=None):
    def wrapped(self, *args, **kwargs):
      user = get_authenticated_user()
      if not user:
-        logger.debug('User is anonymous.')
-        raise InvalidToken('Method requires an auth token or user login.')
+        raise Unauthorized()

      logger.debug('Checking permission %s for user', permission_class, user.username)
      permission = permission_class(user.username)
@ -202,7 +206,7 @@ def require_user_permission(permission_class, scope=None):
  return wrapper


-require_user_read = require_user_permission(UserReadPermission, scopes.USER_READ)
+require_user_read = require_user_permission(UserReadPermission, scopes.READ_USER)
 require_user_admin = require_user_permission(UserAdminPermission, None)