[TASK] Use a 401 header if login is not successful 49/23649/5
authorGeorg Ringer <georg.ringer@gmail.com>
Fri, 6 Sep 2013 08:00:04 +0000 (10:00 +0200)
committerMarkus Klein <klein.t3@mfc-linz.at>
Thu, 12 Sep 2013 21:09:58 +0000 (23:09 +0200)
If login is not correct, a 401 should be used instead of a 200.

Change-Id: Ia2fa139e89fe19df77bb0530b4fbce502506f524
Resolves: #51803
Releases: 6.2,6.1,6.0,4.5
Reviewed-on: https://review.typo3.org/23649
Reviewed-by: Christian Kuhn
Tested-by: Christian Kuhn
Reviewed-by: Markus Klein
Tested-by: Markus Klein
typo3/sysext/core/Classes/Authentication/AbstractUserAuthentication.php

index c3fcd92..a067960 100644 (file)
@@ -28,6 +28,7 @@ namespace TYPO3\CMS\Core\Authentication;
  ***************************************************************/
 
 use TYPO3\CMS\Core\Utility\GeneralUtility;
+use TYPO3\CMS\Core\Utility\HttpUtility;
 
 /**
  * Authentication of users in TYPO3
@@ -803,10 +804,11 @@ abstract class AbstractUserAuthentication {
                                                // strip port from server
                                                $server = str_replace($sslPortSuffix, '', $server);
                                        }
-                                       \TYPO3\CMS\Core\Utility\HttpUtility::redirect('http://' . $server . '/' . $address . TYPO3_mainDir . $backendScript);
+                                       HttpUtility::redirect('http://' . $server . '/' . $address . TYPO3_mainDir . $backendScript);
                                }
                        }
                } elseif ($activeLogin || count($tempuserArr)) {
+                       HttpUtility::setResponseCode(HttpUtility::HTTP_STATUS_401);
                        $this->loginFailure = TRUE;
                        if ($this->writeDevLog && !count($tempuserArr) && $activeLogin) {
                                GeneralUtility::devLog('Login failed: ' . GeneralUtility::arrayToLogString($loginData), 'TYPO3\\CMS\\Core\\Authentication\\AbstractUserAuthentication', 2);
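Review bot: The added `HttpUtility::setResponseCode(HttpUtility::HTTP_STATUS_401);` sets only the status line, while the HTTP specification expects a 401 response to carry a `WWW-Authenticate` challenge, and nothing visible in this hunk sends one. Without it, proxies or a web-server-level 401 error document may handle the failed form login differently than intended, which is worth confirming for every subclass of this abstract class (presumably both frontend and backend login). The branch condition is `$activeLogin || count($tempuserArr)`, so the 401 is also emitted when no login form was submitted but `$tempuserArr` is non-empty; please confirm that is wanted. I would document the intent above the call, e.g. `// Failed login: answer with 401 instead of 200 so clients, proxies and access-log monitoring can tell it apart from a successful request`. The enclosing method starts and ends outside the hunk.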