nextcloud/lib
Ferdinand Thiessen 9b54b06de5
fix(SecurityMiddleware): return header to distinguish error type
Currently we return a 403 (Forbidden) when the password confirmation
failed - which itself seems to be inappropriate as it's basically a login
failing so a 401 (not authorized) is more appropriate.

This is especially a problem because APIs might return 403 internally
for good reason (e.g. user missing permission) but 401 would not be a
problem.

But as this is a breaking change, my solution to be able to
distinguish API error from password confirmation error is:

Add a header inside the response that marks failed password confirmation
`X-NC-Auth-NotConfirmed`.

Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2026-03-11 15:11:29 +01:00
..
composer Merge pull request #58474 from nextcloud/jtr/chore-drop-OC-JSON 2026-03-08 16:51:12 +01:00
l10n fix(l10n): Update translations from Transifex 2026-03-09 00:19:53 +00:00
private fix(SecurityMiddleware): return header to distinguish error type 2026-03-11 15:11:29 +01:00
public feat(UserPlugin): Include teams in group search 2026-03-09 13:51:27 +01:00
unstable feat(signed-request): moving out of unstable 2026-01-09 20:16:24 -01:00
base.php fix(occ): Do not attempt to send headers on CLI 2026-02-24 10:22:13 +01:00
versioncheck.php ci(PHP): Test against 8.5 on CI 2025-12-19 15:34:34 +01:00