hedyorg · mergify · Apr 17, 2024 · Apr 10, 2024 · Apr 10, 2024 · Apr 10, 2024
diff --git a/app.py b/app.py
@@ -986,7 +986,7 @@ def programs_page(user):
     # If from_user -> A teacher is trying to view the user programs
     if from_user and not is_admin(user):
         if not is_teacher(user):
-            return utils.error_page(error=403, ui_message=gettext('not_teacher'))
+            return utils.error_page(error=401, ui_message=gettext('not_teacher'))
         students = DATABASE.get_teacher_students(username)
         if from_user not in students:
             return utils.error_page(error=403, ui_message=gettext('not_enrolled'))
@@ -1073,7 +1073,7 @@ def programs_page(user):
 def query_logs():
     user = current_user()
     if not is_admin(user) and not is_teacher(user):
-        return utils.error_page(error=403, ui_message=gettext('unauthorized'))
+        return utils.error_page(error=401, ui_message=gettext('unauthorized'))
 
     body = request.json
     if body is not None and not isinstance(body, dict):
@@ -1083,12 +1083,12 @@ def query_logs():
     if not is_admin(user):
         username_filter = body.get('username')
         if not class_id or not username_filter:
-            return utils.error_page(error=403, ui_message=gettext('unauthorized'))
+            return utils.error_page(error=401, ui_message=gettext('unauthorized'))
 
         class_ = DATABASE.get_class(class_id)
         if not class_ or class_['teacher'] != user['username'] or username_filter not in class_.get('students', [
         ]):
-            return utils.error_page(error=403, ui_message=gettext('unauthorized'))
+            return utils.error_page(error=401, ui_message=gettext('unauthorized'))
 
     (exec_id, status) = log_fetcher.query(body)
     response = {'query_status': status, 'query_execution_id': exec_id}
@@ -1103,7 +1103,7 @@ def get_log_results():
 
     user = current_user()
     if not is_admin(user) and not is_teacher(user):
-        return utils.error_page(error=403, ui_message=gettext('unauthorized'))
+        return utils.error_page(error=401, ui_message=gettext('unauthorized'))
 
     data, next_token = log_fetcher.get_query_results(
         query_execution_id, next_token)
@@ -1862,7 +1862,7 @@ def get_cheatsheet_page(level):
 @app.route('/certificate/<username>', methods=['GET'])
 def get_certificate_page(username):
     if not current_user()['username']:
-        return utils.error_page(error=403, ui_message=gettext('unauthorized'))
+        return utils.error_page(error=401, ui_message=gettext('unauthorized'))
     username = username.lower()
     user = DATABASE.user_by_username(username)
     if not user:
@@ -1962,7 +1962,7 @@ def reset_page():
     token = None if token == "null" else token
 
     if not username or not token:
-        return utils.error_page(error=403, ui_message=gettext('unauthorized'))
+        return utils.error_page(error=401, ui_message=gettext('unauthorized'))
     return render_template(
         'reset.html',
         page_title=gettext('title_reset'),
@@ -2607,7 +2607,7 @@ def update_yaml():
 @app.route('/user/<username>')
 def public_user_page(username):
     if not current_user()['username']:
-        return utils.error_page(error=403, ui_message=gettext('unauthorized'))
+        return utils.error_page(error=401, ui_message=gettext('unauthorized'))
     username = username.lower()
     user = DATABASE.user_by_username(username)
     if not user:

diff --git a/messages.pot b/messages.pot
@@ -479,6 +479,9 @@ msgstr ""
 msgid "dash"
 msgstr ""
 
+msgid "default_401"
+msgstr ""
+
 msgid "default_403"
 msgstr ""
 

diff --git a/tests_e2e.py b/tests_e2e.py
@@ -592,7 +592,7 @@ def test_logout(self):
         # page load will be a 403. Need to have 'follow_redirects=False' or we won't see
         # the 302 code.
         self.get_data('profile', expect_http_code=302, follow_redirects=False)
-        self.get_data('profile', expect_http_code=403)
+        self.get_data('profile', expect_http_code=401)
 
     def test_destroy_account(self):
         # GIVEN a logged in user
@@ -606,7 +606,7 @@ def test_destroy_account(self):
         # THEN first receive a redirect response response code from the server, and
         # the next page load will be a forbidden
         self.get_data('profile', expect_http_code=302, follow_redirects=False)
-        self.get_data('profile', expect_http_code=403)
+        self.get_data('profile', expect_http_code=401)
 
     def test_invalid_change_password(self):
         # GIVEN a logged in user
@@ -879,7 +879,7 @@ def test_invalid_reset_password(self):
                         'password': '123456',
                         'password_repeat': '123456',
                         'token': 'foobar'},
-                       expect_http_code=403)
+                       expect_http_code=401)
 
     def test_reset_password(self):
         # GIVEN an existing user
@@ -975,7 +975,7 @@ def test_invalid_get_programs(self):
 
         # WHEN retrieving own programs but without sending a cookie
         # THEN receive a forbidden response code from the server
-        self.get_data('programs/list', expect_http_code=403, no_cookie=True)
+        self.get_data('programs/list', expect_http_code=401, no_cookie=True)
 
     def test_get_programs(self):
         # GIVEN a logged in user
@@ -1018,7 +1018,7 @@ def test_invalid_create_program(self):
                         'name': 'program 1',
                         'level': 1,
                         'shared': False},
-                       expect_http_code=403,
+                       expect_http_code=401,
                        no_cookie=True)
 
     def test_create_program(self):
@@ -1056,7 +1056,7 @@ def test_invalid_make_program_public(self):
         # WHEN sharing a program without being logged in
         # THEN receive a forbidden response code from the server
         self.post_data('programs/share/123456/False', {'id': '123456'},
-                       expect_http_code=403,
+                       expect_http_code=401,
                        no_cookie=True)
 
         # WHEN sharing a program that does not exist
@@ -1155,7 +1155,7 @@ def test_invalid_create_class(self):
 
         # WHEN creating a class without teacher permissions
         # THEN receive a forbidden response code from the server
-        self.post_data('class', {'name': 'class1'}, expect_http_code=403)
+        self.post_data('class', {'name': 'class1'}, expect_http_code=401)
 
         # WHEN marking the user as teacher
         self.make_current_user_teacher()
@@ -1230,7 +1230,7 @@ def test_invalid_update_class(self):
         # THEN receive a forbidden status code from the server
         self.post_data('class/' + Class['id'],
                        {'name': 'class2'},
-                       expect_http_code=403,
+                       expect_http_code=401,
                        put_data=True,
                        no_cookie=True)
 
@@ -1386,7 +1386,7 @@ def test_not_allowed_customization(self):
 
         # WHEN customizing a class without being a teacher
         # THEN receive a forbidden response code from the server
-        self.post_data('for-teachers/customize-class/' + class_id, {}, expect_http_code=403)
+        self.post_data('for-teachers/customize-class/' + class_id, {}, expect_http_code=401)
 
     def test_invalid_customization(self):
         # GIVEN a user with teacher permissions
@@ -1496,7 +1496,7 @@ def test_not_allowed_create_adventure(self):
 
         # WHEN attempting to start creating a valid adventure
         # THEN receive a forbidden response code from the server
-        self.get_data('for-teachers/customize-adventure', expect_http_code=403)
+        self.get_data('for-teachers/customize-adventure', expect_http_code=401)
 
     def test_create_adventure(self):
         # GIVEN a new teacher
@@ -1512,7 +1512,7 @@ def test_invalid_view_adventure(self):
 
         # WHEN attempting to view a custom adventure
         # THEN receive a 403 error from the server
-        self.get_data('for-teachers/customize-adventure/view/123', expect_http_code=403)
+        self.get_data('for-teachers/customize-adventure/view/123', expect_http_code=401)
 
         # GIVEN a new teacher
         self.given_fresh_teacher_is_logged_in()
@@ -1524,7 +1524,7 @@ def test_invalid_view_adventure(self):
     def test_invalid_adventure_id(self):
         # WHEN attempting to view a custom adventure that doesn't exist
         # THEN receive a 404 error from the server
-        self.get_data('for-teachers/customize-adventure/INVALID_NONEXISTING_ID', expect_http_code=403)
+        self.get_data('for-teachers/customize-adventure/INVALID_NONEXISTING_ID', expect_http_code=401)
 
     def test_invalid_update_adventure(self):
         # GIVEN a new teacher
@@ -1626,7 +1626,7 @@ def test_not_allowed_create_accounts(self):
 
         # WHEN trying to create multiple accounts
         # THEN receive a forbidden response code from the server
-        self.post_data('for-teachers/create-accounts', {}, expect_http_code=403)
+        self.post_data('for-teachers/create-accounts', {}, expect_http_code=401)
 
     def test_invalid_create_accounts(self):
         # GIVEN a new teacher

diff --git a/translations/ar/LC_MESSAGES/messages.po b/translations/ar/LC_MESSAGES/messages.po
@@ -555,9 +555,12 @@ msgstr "تخصيص الصف"
 msgid "dash"
 msgstr "علامة الشرطة"
 
-msgid "default_403"
+msgid "default_401"
 msgstr "ليس مصرحاً لك الوصول على ما يبدو..."
 
+msgid "default_403"
+msgstr ""
+
 msgid "default_404"
 msgstr "لم نستطع إيجاد تلك الصفحة..."
 

diff --git a/translations/bg/LC_MESSAGES/messages.po b/translations/bg/LC_MESSAGES/messages.po
@@ -613,9 +613,12 @@ msgid "dash"
 msgstr "тире"
 
 #, fuzzy
-msgid "default_403"
+msgid "default_401"
 msgstr "Looks like you aren't authorized..."
 
+msgid "default_403"
+msgstr ""
+
 #, fuzzy
 msgid "default_404"
 msgstr "We could not find that page..."

diff --git a/translations/bn/LC_MESSAGES/messages.po b/translations/bn/LC_MESSAGES/messages.po
@@ -634,9 +634,12 @@ msgid "dash"
 msgstr "a dash"
 
 #, fuzzy
-msgid "default_403"
+msgid "default_401"
 msgstr "Looks like you aren't authorized..."
 
+msgid "default_403"
+msgstr ""
+
 #, fuzzy
 msgid "default_404"
 msgstr "We could not find that page..."

diff --git a/translations/ca/LC_MESSAGES/messages.po b/translations/ca/LC_MESSAGES/messages.po
@@ -517,9 +517,12 @@ msgstr "Personalitza la classe"
 msgid "dash"
 msgstr "un guió"
 
-msgid "default_403"
+msgid "default_401"
 msgstr "Sembla no estàs autoritzat..."
 
+msgid "default_403"
+msgstr ""
+
 msgid "default_404"
 msgstr "No hem pogut trobar aquesta pàgina..."
 

diff --git a/translations/cs/LC_MESSAGES/messages.po b/translations/cs/LC_MESSAGES/messages.po
@@ -614,9 +614,12 @@ msgid "dash"
 msgstr "pomlčka"
 
 #, fuzzy
-msgid "default_403"
+msgid "default_401"
 msgstr "Looks like you aren't authorized..."
 
+msgid "default_403"
+msgstr ""
+
 #, fuzzy
 msgid "default_404"
 msgstr "We could not find that page..."

diff --git a/translations/cy/LC_MESSAGES/messages.po b/translations/cy/LC_MESSAGES/messages.po
@@ -634,9 +634,12 @@ msgid "dash"
 msgstr "a dash"
 
 #, fuzzy
-msgid "default_403"
+msgid "default_401"
 msgstr "Looks like you aren't authorized..."
 
+msgid "default_403"
+msgstr ""
+
 #, fuzzy
 msgid "default_404"
 msgstr "We could not find that page..."

diff --git a/translations/da/LC_MESSAGES/messages.po b/translations/da/LC_MESSAGES/messages.po
@@ -634,9 +634,12 @@ msgid "dash"
 msgstr "a dash"
 
 #, fuzzy
-msgid "default_403"
+msgid "default_401"
 msgstr "Looks like you aren't authorized..."
 
+msgid "default_403"
+msgstr ""
+
 #, fuzzy
 msgid "default_404"
 msgstr "We could not find that page..."

diff --git a/translations/de/LC_MESSAGES/messages.po b/translations/de/LC_MESSAGES/messages.po
@@ -517,9 +517,12 @@ msgstr "Passe eine Klasse an"
 msgid "dash"
 msgstr "ein Gedankenstrich"
 
-msgid "default_403"
+msgid "default_401"
 msgstr "Du bist anscheinend nicht authorisiert..."
 
+msgid "default_403"
+msgstr ""
+
 msgid "default_404"
 msgstr "Diese Seite konnten wir nicht finden…"
 

diff --git a/translations/el/LC_MESSAGES/messages.po b/translations/el/LC_MESSAGES/messages.po
@@ -573,9 +573,12 @@ msgstr "Προσαρμογή της τάξης"
 msgid "dash"
 msgstr "μία παύλα"
 
-msgid "default_403"
+msgid "default_401"
 msgstr "Μάλλον δεν είσαι εξουσιοδοτημένος/η..."
 
+msgid "default_403"
+msgstr ""
+
 msgid "default_404"
 msgstr "Δεν μπορούμε να βρούμε αυτήν την σελίδα..."
 

diff --git a/translations/en/LC_MESSAGES/messages.po b/translations/en/LC_MESSAGES/messages.po
@@ -480,9 +480,12 @@ msgstr "Customize class"
 msgid "dash"
 msgstr "a dash"
 
-msgid "default_403"
+msgid "default_401"
 msgstr "Looks like you aren't authorized..."
 
+msgid "default_403"
+msgstr "Looks like this action is forbidden..."
+
 msgid "default_404"
 msgstr "We could not find that page..."
 

diff --git a/translations/eo/LC_MESSAGES/messages.po b/translations/eo/LC_MESSAGES/messages.po
@@ -575,9 +575,12 @@ msgstr "Adapti klason"
 msgid "dash"
 msgstr "streketo"
 
-msgid "default_403"
+msgid "default_401"
 msgstr "Ŝajnas, ke vi ne estas rajtigita…"
 
+msgid "default_403"
+msgstr ""
+
 msgid "default_404"
 msgstr "La paĝo ne troviĝis…"
 

diff --git a/translations/es/LC_MESSAGES/messages.po b/translations/es/LC_MESSAGES/messages.po
@@ -482,9 +482,12 @@ msgstr "Personalizar clase"
 msgid "dash"
 msgstr "un guión"
 
-msgid "default_403"
+msgid "default_401"
 msgstr "Parece que no tienes autorización..."
 
+msgid "default_403"
+msgstr ""
+
 msgid "default_404"
 msgstr "No pudimos encontrar esa página..."
 

diff --git a/translations/et/LC_MESSAGES/messages.po b/translations/et/LC_MESSAGES/messages.po
@@ -624,9 +624,12 @@ msgstr "Customize class"
 msgid "dash"
 msgstr "a dash"
 
-msgid "default_403"
+msgid "default_401"
 msgstr "Sul ei ole luba seda lehekülge näha..."
 
+msgid "default_403"
+msgstr ""
+
 msgid "default_404"
 msgstr "Seda lehekülge ei leitud..."
 

diff --git a/translations/fa/LC_MESSAGES/messages.po b/translations/fa/LC_MESSAGES/messages.po
@@ -634,9 +634,12 @@ msgid "dash"
 msgstr "a dash"
 
 #, fuzzy
-msgid "default_403"
+msgid "default_401"
 msgstr "Looks like you aren't authorized..."
 
+msgid "default_403"
+msgstr ""
+
 #, fuzzy
 msgid "default_404"
 msgstr "We could not find that page..."