[TASK] Use a 401 header if login is not successful 00/23800/2
authorGeorg Ringer <georg.ringer@gmail.com>
Fri, 6 Sep 2013 08:00:04 +0000 (10:00 +0200)
committerMarkus Klein <klein.t3@mfc-linz.at>
Thu, 12 Sep 2013 21:30:46 +0000 (23:30 +0200)
If login is not correct, a 401 should be used instead of a 200.

Change-Id: Ia2fa139e89fe19df77bb0530b4fbce502506f524
Resolves: #51803
Releases: 6.2,6.1,6.0,4.5
Reviewed-on: https://review.typo3.org/23800
Reviewed-by: Markus Klein
Tested-by: Markus Klein
typo3/sysext/core/Classes/Authentication/AbstractUserAuthentication.php

index 69ce83a..52b4e9c 100644 (file)
@@ -27,6 +27,8 @@ namespace TYPO3\CMS\Core\Authentication;
  *  This copyright notice MUST APPEAR in all copies of the script!
  ***************************************************************/
 
+use TYPO3\CMS\Core\Utility\HttpUtility;
+
 /**
  * Authentication of users in TYPO3
  *
@@ -801,10 +803,11 @@ abstract class AbstractUserAuthentication {
                                                // strip port from server
                                                $server = str_replace($sslPortSuffix, '', $server);
                                        }
-                                       \TYPO3\CMS\Core\Utility\HttpUtility::redirect('http://' . $server . '/' . $address . TYPO3_mainDir . $backendScript);
+                                       HttpUtility::redirect('http://' . $server . '/' . $address . TYPO3_mainDir . $backendScript);
                                }
                        }
                } elseif ($activeLogin || count($tempuserArr)) {
+                       HttpUtility::setResponseCode(HttpUtility::HTTP_STATUS_401);
                        $this->loginFailure = TRUE;
                        if ($this->writeDevLog && !count($tempuserArr) && $activeLogin) {
                                \TYPO3\CMS\Core\Utility\GeneralUtility::devLog('Login failed: ' . \TYPO3\CMS\Core\Utility\GeneralUtility::arrayToLogString($loginData), 'TYPO3\\CMS\\Core\\Authentication\\AbstractUserAuthentication', 2);
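Review bot: The added `HttpUtility::setResponseCode(HttpUtility::HTTP_STATUS_401);` runs for the whole `elseif ($activeLogin || count($tempuserArr))` branch, so it also fires when no login was submitted but `$tempuserArr` is non-empty (apparently a user record supplied by an authentication service that then failed), which could turn an ordinary page request into a 401. If only submitted logins are meant, guard the call: `if ($activeLogin) { HttpUtility::setResponseCode(HttpUtility::HTTP_STATUS_401); }`. A 401 is also expected to carry a `WWW-Authenticate` challenge, which the visible lines do not set; for a form-based login, either confirm that clients and proxies handle a challenge-less 401 or document the choice with a comment such as `// 401 so that monitoring and rate limiting can tell failed logins from normal responses`. The status presumably goes out through header(), so it would have no effect if output has already started by this point. The enclosing method starts and ends outside the hunk.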