Respond 401 not 404 when bad request token

This commit is contained in:
Dane Everitt 2017-06-28 20:05:50 -05:00
parent 9ca5f97e65
commit 9515128b8a
No known key found for this signature in database
GPG key ID: EEA66103B3D71F53
2 changed files with 5 additions and 1 deletions

View file

@ -3,6 +3,10 @@ This file is a running track of new features and fixes to each version of the pa
This project follows [Semantic Versioning](http://semver.org) guidelines.
## v0.6.4 (Courageous Carniadactylus)
### Changed
* Panel API for Daemon now responds with a `HTTP/401 Unauthorized` error when unable to locate a node with a given authentication token, rather than a `HTTP/404 Not Found` response.
## v0.6.3 (Courageous Carniadactylus)
### Fixed
* **[Security]** — Addresses an oversight in how the terminal rendered information sent from the server feed which allowed a malicious user to execute arbitrary commands on the game-server process itself by using a specifically crafted in-game command.

View file

@ -76,7 +76,7 @@ class DaemonAuthenticate
$node = Node::where('daemonSecret', $request->header('X-Access-Node'))->first();
if (! $node) {
return abort(404);
return abort(401);
}
return $next($request);