[Web] Return 401 status code when API authentication fails

master
ntimo 2019-10-02 13:05:12 +02:00
parent 9f66b83a34
commit 8b5be0b56d
No known key found for this signature in database
GPG Key ID: 3AF3627FB0440D55
1 changed files with 2 additions and 0 deletions


@ -60,6 +60,7 @@ if (!empty($_SERVER['HTTP_X_API_KEY'])) {
else { else {
$redis->publish("F2B_CHANNEL", "mailcow UI: Invalid password for API_USER by " . $_SERVER['REMOTE_ADDR']); $redis->publish("F2B_CHANNEL", "mailcow UI: Invalid password for API_USER by " . $_SERVER['REMOTE_ADDR']);
error_log("mailcow UI: Invalid password for " . $user . " by " . $_SERVER['REMOTE_ADDR']); error_log("mailcow UI: Invalid password for " . $user . " by " . $_SERVER['REMOTE_ADDR']);
http_response_code(401);
echo json_encode(array( echo json_encode(array(
'type' => 'error', 'type' => 'error',
'msg' => 'api access denied for ip ' . $_SERVER['REMOTE_ADDR'] 'msg' => 'api access denied for ip ' . $_SERVER['REMOTE_ADDR']
@ -71,6 +72,7 @@ if (!empty($_SERVER['HTTP_X_API_KEY'])) {
else { else {
$redis->publish("F2B_CHANNEL", "mailcow UI: Invalid password for API_USER by " . $_SERVER['REMOTE_ADDR']); $redis->publish("F2B_CHANNEL", "mailcow UI: Invalid password for API_USER by " . $_SERVER['REMOTE_ADDR']);
error_log("mailcow UI: Invalid password for " . $user . " by " . $_SERVER['REMOTE_ADDR']); error_log("mailcow UI: Invalid password for " . $user . " by " . $_SERVER['REMOTE_ADDR']);
http_response_code(401);
echo json_encode(array( echo json_encode(array(
'type' => 'error', 'type' => 'error',
'msg' => 'authentication failed' 'msg' => 'authentication failed'
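Review bot: The first `http_response_code(401);` sits in the branch whose body says `'api access denied for ip ' . $_SERVER['REMOTE_ADDR']`, which reads like a source-address rejection rather than a bad credential. If that is what the branch tests (the condition is outside the hunk), `http_response_code(403);` would describe it more accurately and let clients and monitoring tell a blocked address apart from a wrong key. The second site, with `'authentication failed'`, is the one where 401 fits. A 401 is also expected to carry a `WWW-Authenticate` challenge (RFC 7235), which neither site sends. Both hunks end inside the `json_encode(array(` call, so it is not visible whether the script stops after the error body is written. That is worth confirming so a rejected request cannot continue into the API handler.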