Fixes yiisoft#9846: Fixed yii\web\User::loginRequired() should thro…

…w 401 not 403
Sue0115 · Oct 7, 2015 · 4e715f9 · 4e715f9
1 parent d0060ef
commit 4e715f9
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 3 deletions.
diff --git a/framework/CHANGELOG.md b/framework/CHANGELOG.md
@@ -21,6 +21,7 @@ Yii Framework 2 Change Log
 - Bug #9714: Fixed `yii\rbac\PhpManager::updateItem()` unable to save users assignments (rezident1307)
 - Bug #9754: Fixed `yii\web\Request` error when path info is empty (dynasource)
 - Bug #9791: Fixed endless loop on file creation for non-existing device letters on windows (lukos, cebe)
+- Bug #9846: Fixed `yii\web\User::loginRequired()` should throw 401 not 403 (spikyjt)
 - Bug: Fixed generation of canonical URLs for `ViewAction` pages (samdark)
 - Enh #7581: Added ability to specify range using anonymous function in `RangeValidator` (RomeroMsk)
 - Enh #8613: `yii\widgets\FragmentCache` will not store empty content anymore which fixes some problems related to `yii\filters\PageCache` (kidol)

diff --git a/framework/web/User.php b/framework/web/User.php
@@ -88,7 +88,7 @@ class User extends Component
      * ['site/login', 'ref' => 1]
      * ~~~
      *
-     * If this property is null, a 403 HTTP exception will be raised when [[loginRequired()]] is called.
+     * If this property is null, a 401 HTTP exception will be raised when [[loginRequired()]] is called.
      */
     public $loginUrl = ['site/login'];
     /**
@@ -414,7 +414,7 @@ public function setReturnUrl($url)
      * @param boolean $checkAjax whether to check if the request is an AJAX request. When this is true and the request
      * is an AJAX request, the current URL (for AJAX request) will NOT be set as the return URL.
      * @return Response the redirection response if [[loginUrl]] is set
-     * @throws ForbiddenHttpException the "Access Denied" HTTP exception if [[loginUrl]] is not set
+     * @throws UnauthorizedHttpException the "Unauthorized" HTTP exception if [[loginUrl]] is not set
      */
     public function loginRequired($checkAjax = true)
     {
@@ -428,7 +428,7 @@ public function loginRequired($checkAjax = true)
                 return Yii::$app->getResponse()->redirect($this->loginUrl);
             }
         }
-        throw new ForbiddenHttpException(Yii::t('yii', 'Login Required'));
+        throw new UnauthorizedHttpException(Yii::t('yii', 'Login Required'));
     }
 
     /**