[Web] Return 401 status code when API authentication fails

2019-10-02 13:05:12 +02:00 · 2019-10-02 13:05:12 +02:00 · 8b5be0b56d
parent 9f66b83a34
commit 8b5be0b56d
1 changed files with 2 additions and 0 deletions
--- a/data/web/inc/sessions.inc.php
+++ b/data/web/inc/sessions.inc.php
@ -60,6 +60,7 @@ if (!empty($_SERVER['HTTP_X_API_KEY'])) {
    else {
      $redis->publish("F2B_CHANNEL", "mailcow UI: Invalid password for API_USER by " . $_SERVER['REMOTE_ADDR']);
      error_log("mailcow UI: Invalid password for " . $user . " by " . $_SERVER['REMOTE_ADDR']);
+      http_response_code(401);
      echo json_encode(array(
        'type' => 'error',
        'msg' => 'api access denied for ip ' . $_SERVER['REMOTE_ADDR']
@ -71,6 +72,7 @@ if (!empty($_SERVER['HTTP_X_API_KEY'])) {
  else {
    $redis->publish("F2B_CHANNEL", "mailcow UI: Invalid password for API_USER by " . $_SERVER['REMOTE_ADDR']);
    error_log("mailcow UI: Invalid password for " . $user . " by " . $_SERVER['REMOTE_ADDR']);
+    http_response_code(401);
    echo json_encode(array(
      'type' => 'error',
      'msg' => 'authentication failed'