From 53380689ad00f00efc0c1790f1d25d08c95d7f2d Mon Sep 17 00:00:00 2001
From: Mark Monteiro <marknr.monteiro@protonmail.com>
Date: Mon, 13 Apr 2020 13:17:46 -0400
Subject: Return correct status codes for authentication and authorization
 errors

- Use AuthenticatonException to return 401
- Use SecurityException to return 403
- Update existing throws to throw the correct exception for the circumstance
---
 Emby.Server.Implementations/Session/SessionManager.cs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'Emby.Server.Implementations/Session/SessionManager.cs')

diff --git a/Emby.Server.Implementations/Session/SessionManager.cs b/Emby.Server.Implementations/Session/SessionManager.cs
index de768333d..c93c02c48 100644
--- a/Emby.Server.Implementations/Session/SessionManager.cs
+++ b/Emby.Server.Implementations/Session/SessionManager.cs
@@ -1414,7 +1414,7 @@ namespace Emby.Server.Implementations.Session
             if (user == null)
             {
                 AuthenticationFailed?.Invoke(this, new GenericEventArgs<AuthenticationRequest>(request));
-                throw new SecurityException("Invalid username or password entered.");
+                throw new AuthenticationException("Invalid username or password entered.");
             }
 
             if (!string.IsNullOrEmpty(request.DeviceId)
-- 
cgit v1.2.3