Bowe Strickland
2018-10-27 6e49871feaa1a60549206cf5512c9fb7f3d5fd56
Merge pull request #1 from RedHatTraining/bostrick-patch-throw_401_for_unauthenticated

Throw 401 for security denial for unauthenticated
1 files modified
8 ■■■■■ changed files
src/pyramid/viewderivers.py
@@ -2,7 +2,7 @@
from zope.interface import implementer, provider
from pyramid.security import NO_PERMISSION_REQUIRED
from pyramid.security import NO_PERMISSION_REQUIRED, Authenticated
from pyramid.csrf import check_csrf_origin, check_csrf_token
from pyramid.response import Response
@@ -20,7 +20,7 @@
from pyramid.compat import is_bound_method, is_unbound_method
from pyramid.exceptions import ConfigurationError
from pyramid.httpexceptions import HTTPForbidden
from pyramid.httpexceptions import HTTPForbidden, HTTPUnauthorized
from pyramid.util import object_description, takes_one_arg
from pyramid.view import render_view_to_response
from pyramid import renderers
@@ -329,7 +329,9 @@
                'authdebug_message',
                'Unauthorized: %s failed permission check' % view_name,
            )
            raise HTTPForbidden(msg, result=result)
            if Authenticated in result.principals:
                raise HTTPForbidden(msg, result=result)
            raise HTTPUnauthorized(msg)
        wrapped_view = secured_view
        wrapped_view.__call_permissive__ = view
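Review bot: The new branch reads `result.principals`, which pyramid's ACL result objects carry but which nothing in this hunk guarantees for other authorization policies; if `permits()` returns a plain `False` or a bare `Denied`, the denial path would raise AttributeError and surface as a 500 instead of a 401/403. Reading it with `principals = getattr(result, 'principals', None)` and falling back to the existing `raise HTTPForbidden(msg, result=result)` when it is `None` keeps the old behaviour for such policies. The 401 is also raised as `HTTPUnauthorized(msg)` with no `WWW-Authenticate` challenge and without `result`, so clients are given no scheme to authenticate with and the denial detail is lost on that path; a comment stating where the challenge header is expected to be added would help. The enclosing `secured_view` begins above the hunk, so where `result` comes from is inferred rather than visible here.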