From bc13609bd5edfd6bad87d8c27e69e5e41f5522cf Mon Sep 17 00:00:00 2001
From: Brad Davidson
Date: Mon, 8 Feb 2021 23:51:37 -0800
Subject: [PATCH] Use appropriate response codes for authn/authz failures

Signed-off-by: Brad Davidson
---
 pkg/server/auth.go | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/pkg/server/auth.go b/pkg/server/auth.go
index ff6eb8bcd60e..518e76a61a8c 100644
--- a/pkg/server/auth.go
+++ b/pkg/server/auth.go
@@ -30,19 +30,17 @@ func doAuth(roles []string, serverConfig *config.Control, next http.Handler, rw
 		logrus.Errorf("Authenticate not initialized: serverConfig.Runtime.Authenticator is nil")
 		rw.WriteHeader(http.StatusUnauthorized)
 		return
-	default:
-		// }
 	resp, ok, err := serverConfig.Runtime.Authenticator.AuthenticateRequest(req)
 	if err != nil {
 		logrus.Errorf("Failed to authenticate request from %s: %v", req.RemoteAddr, err)
-		rw.WriteHeader(http.StatusInternalServerError)
+		rw.WriteHeader(http.StatusUnauthorized)
 		return
 	}
 	if !ok || !hasRole(roles, resp.User.GetGroups()) {
-		rw.WriteHeader(http.StatusUnauthorized)
+		rw.WriteHeader(http.StatusForbidden)
 		return
 	}