On Wed, 2013-04-10 at 23:58 +0400, Lennart Kolmodin wrote:
2013/4/5 Duncan Coutts
On Thu, 2013-04-04 at 22:38 +0400, Lennart Kolmodin wrote:
I tried to login with my username/pw, but failed.
Here's what I did: I go to a package I've published and hit "edit package information" in the Maintainers' corner. It prompts me to login. If I hit cancel, it shows No authorization provided. If I type a random username/pw it keeps asking me. If I type my actual username/pw it asks me several times, then my webbrowser shows "This webpage is not available" (ie. not an error message from hackage). At one point it showed me a page where I could upgrade my account (and I haven't yet), but it does not show that page any more. I tried several times, it repeatedly shows me "This webpage is not available".
What browser are you using?
I just tried again,
Ta.
and it worked. Now I also upgraded the account. I tried again to login to the upgraded account, it worked.
Great. So that was after I changed it to use 403.
I was using Chrome 26 when I tried to login a few days ago, now I'm using Chrome 27.
I'll assume it was the changes I made rather than chrome changes. :-) Duncan
I'm going to try changing the status we return in this situation from 401 to 403. That is, if you have an existing account but it has an old-style password that needs to be upgraded, then instead of returning a 401 response with a page linking to the upgrade page, we return a 403.
In firefox the current responses work fine, but looking at the RFC it makes it clear that 401 isn't the right response in this case. So I'll try 403.