From 6e49871feaa1a60549206cf5512c9fb7f3d5fd56 Mon Sep 17 00:00:00 2001 From: Bowe Strickland <bowe@redhat.com> Date: Sat, 27 Oct 2018 13:49:20 +0200 Subject: [PATCH] Merge pull request #1 from RedHatTraining/bostrick-patch-throw_401_for_unauthenticated --- src/pyramid/viewderivers.py | 8 +++++--- 1 files changed, 5 insertions(+), 3 deletions(-) diff --git a/src/pyramid/viewderivers.py b/src/pyramid/viewderivers.py index fbe0c25..cad9da4 100644 --- a/src/pyramid/viewderivers.py +++ b/src/pyramid/viewderivers.py @@ -2,7 +2,7 @@ from zope.interface import implementer, provider -from pyramid.security import NO_PERMISSION_REQUIRED +from pyramid.security import NO_PERMISSION_REQUIRED, Authenticated from pyramid.csrf import check_csrf_origin, check_csrf_token from pyramid.response import Response @@ -20,7 +20,7 @@ from pyramid.compat import is_bound_method, is_unbound_method from pyramid.exceptions import ConfigurationError -from pyramid.httpexceptions import HTTPForbidden +from pyramid.httpexceptions import HTTPForbidden, HTTPUnauthorized from pyramid.util import object_description, takes_one_arg from pyramid.view import render_view_to_response from pyramid import renderers @@ -329,7 +329,9 @@ 'authdebug_message', 'Unauthorized: %s failed permission check' % view_name, ) - raise HTTPForbidden(msg, result=result) + if Authenticated in result.principals: + raise HTTPForbidden(msg, result=result) + raise HTTPUnauthorized(msg) wrapped_view = secured_view wrapped_view.__call_permissive__ = view -- Gitblit v1.9.3