Fixing API to 401 rather than 302.

steveklabnik · steveklabnik · commit 2f4005296859 · 2011-01-17T20:02:00.000-05:00
When our auth is bad, we shouldn't 302, we should 401. That was stupid.
diff --git a/controllers/programs_controller.rb b/controllers/programs_controller.rb
@@ -71,7 +71,7 @@
 put "/programs/:username/:slug.json" do
   require_login_or_api! :username => params[:username], :password => params[:password]
   if current_user.username != params[:username]
-    redirect "/"
+    halt 401
   end
   program = Program.first(:creator_username => params[:username], :slug => params[:slug])
   if program.nil?
diff --git a/helpers.rb b/helpers.rb
@@ -57,7 +57,7 @@ def require_login_or_api!(opts = {:return => "/"})
     if hacker
       session[:hacker_id] = hacker.id
     else
-      require_login!(opts)
+      halt 401
     end
   end
 
