Explorar el Código

[Web] Return 401 status code when API authentication fails

ntimo hace 6 años
padre
commit
8b5be0b56d
Se han modificado 1 ficheros con 2 adiciones y 0 borrados
  1. 2 0
      data/web/inc/sessions.inc.php

+ 2 - 0
data/web/inc/sessions.inc.php

@@ -60,6 +60,7 @@ if (!empty($_SERVER['HTTP_X_API_KEY'])) {
     else {
       $redis->publish("F2B_CHANNEL", "mailcow UI: Invalid password for API_USER by " . $_SERVER['REMOTE_ADDR']);
       error_log("mailcow UI: Invalid password for " . $user . " by " . $_SERVER['REMOTE_ADDR']);
+      http_response_code(401);
       echo json_encode(array(
         'type' => 'error',
         'msg' => 'api access denied for ip ' . $_SERVER['REMOTE_ADDR']
@@ -71,6 +72,7 @@ if (!empty($_SERVER['HTTP_X_API_KEY'])) {
   else {
     $redis->publish("F2B_CHANNEL", "mailcow UI: Invalid password for API_USER by " . $_SERVER['REMOTE_ADDR']);
     error_log("mailcow UI: Invalid password for " . $user . " by " . $_SERVER['REMOTE_ADDR']);
+    http_response_code(401);
     echo json_encode(array(
       'type' => 'error',
       'msg' => 'authentication failed'