On Thu, 2013-04-04 at 22:38 +0400, Lennart Kolmodin wrote:What browser are you using?
> I tried to login with my username/pw, but failed.
>
> Here's what I did:
> I go to a package I've published and hit "edit package information" in the
> Maintainers' corner.
> It prompts me to login.
> If I hit cancel, it shows No authorization provided.
> If I type a random username/pw it keeps asking me.
> If I type my actual username/pw it asks me several times, then my
> webbrowser shows "This webpage is not available" (ie. not an error message
> from hackage). At one point it showed me a page where I could upgrade my
> account (and I haven't yet), but it does not show that page any more.
> I tried several times, it repeatedly shows me "This webpage is not
> available".
I'm going to try changing the status we return in this situation from
401 to 403. That is, if you have an existing account but it has an
old-style password that needs to be upgraded, then instead of returning
a 401 response with a page linking to the upgrade page, we return a 403.
In firefox the current responses work fine, but looking at the RFC it
makes it clear that 401 isn't the right response in this case. So I'll
try 403.