minor #35606 [Security] Replace 403 with 401 in onAuthenticationFailure method (alanpoulain)

nicolas-grekas · nicolas-grekas · commit adacae6f5458 · 2020-02-05T19:10:08.000+01:00
This PR was merged into the 3.4 branch. Discussion ---------- [Security] Replace 403 with 401 in `onAuthenticationFailure` method | Q | A | ------------- | --- | Branch? | 3.4 | Bug fix? | no | New feature? | no | Deprecations? | no | Tickets | N/A | License | MIT | Doc PR | N/A This comment in `onAuthenticationFailure` was misleading since a 401 status code should probably be returned instead of a 403. Commits ------- 73bc793 Replace 403 with 401 in onAuthenticationFailure method
diff --git a/src/Symfony/Component/Security/Guard/GuardAuthenticatorInterface.php b/src/Symfony/Component/Security/Guard/GuardAuthenticatorInterface.php
@@ -107,7 +107,7 @@ public function createAuthenticatedToken(UserInterface $user, $providerKey);
      * Called when authentication executed, but failed (e.g. wrong username password).
      *
      * This should return the Response sent back to the user, like a
-     * RedirectResponse to the login page or a 403 response.
+     * RedirectResponse to the login page or a 401 response.
      *
      * If you return null, the request will continue, but the user will
      * not be authenticated. This is probably not what you want to do.

Original file line number	Diff line number	Diff line change
`@@ -107,7 +107,7 @@ public function createAuthenticatedToken(UserInterface $user, $providerKey);`
`107`	`107`	`* Called when authentication executed, but failed (e.g. wrong username password).`
`108`	`108`	`*`
`109< 5793 /code>`	`109`	`* This should return the Response sent back to the user, like a`
`110`		`- * RedirectResponse to the login page or a 403 response.`
	`110`	`+ * RedirectResponse to the login page or a 401 response.`
`111`	`111`	`*`
`112`	`112`	`* If you return null, the request will continue, but the user will`
`113`	`113`	`* not be authenticated. This is probably not what you want to do.`