Commit 026c5000 authored by Vincent Pelletier

wsgi: Use Unauthorized with non-standard scheme when authentication fails

parent ba4a750b
......@@ -1197,7 +1197,7 @@ class CaucaseTest(unittest.TestCase):
# pylint: enable=unbalanced-tuple-unpacking
status, reason = status.split(' ', 1)
return int(status), reason, header_list, ''.join(body)
UNAUTHORISED_STATUS = 404
UNAUTHORISED_STATUS = 401
self.assertEqual(request({
'PATH_INFO': '/',
......
......@@ -48,6 +48,17 @@ class BadRequest(ApplicationError):
"""
status = _getStatus(httplib.BAD_REQUEST)
class Unauthorized(ApplicationError):
"""
HTTP unauthorized error
"""
status = _getStatus(httplib.UNAUTHORIZED)
_response_headers = [
# XXX: non standard scheme, suggested in
# https://www.ietf.org/mail-archive/web/httpbisa/current/msg03764.html
('WWW-Authenticate', 'transport'),
]
class NotFound(ApplicationError):
"""
HTTP not found error
......@@ -198,12 +209,6 @@ class Application(object):
Raises NotFound if authentication does not pass checks.
On success, appends a "Cache-Control" header.
"""
# Note on NotFound usage here: HTTP specs do not describe how to request
# client to provide transport-level authentication mechanism (x509 cert)
# so 401 is not applicable. 403 is not applicable either as spec requests
# client to not retry the request. 404 is recommended when server does not
# wish to disclose the reason why it rejected the access, so let's use
# this.
try:
ca_list = self._cau.getCACertificateList()
utils.load_certificate(
......@@ -215,7 +220,7 @@ class Application(object):
),
)
except (exceptions.CertificateVerificationError, ValueError):
raise NotFound
raise Unauthorized
header_list.append(('Cache-Control', 'private'))
def _readJSON(self, environ):
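Review bot: The docstring kept as context above the removed comment still reads `Raises NotFound if authentication does not pass checks.`, but the except branch now raises Unauthorized, so it should become `Raises Unauthorized if authentication does not pass checks.`. The deleted comment recorded why 404 was chosen (not disclosing why access was rejected); with 401 plus `WWW-Authenticate: transport` a client can now tell a protected path from a missing one, and a one-line comment above `raise Unauthorized` saying this disclosure is accepted would keep that rationale. `_response_headers` on Unauthorized is a class-level list shared by every instance; if ApplicationError (not visible here) ever appends to it, a tuple would be safer. The authentication method starts and ends outside these hunks.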
......