From cd546fdaee5f9f58c1c73b6ee93d0f1b19e02790 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Se=CC=81bastien=20Be=CC=81al?=
Date: Sat, 17 Mar 2012 20:27:01 +0900
Subject: [PATCH] raise 401 instead of 403 when user is not authenticated
---
 djangorestframework/permissions.py | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/djangorestframework/permissions.py b/djangorestframework/permissions.py
index 03d78c2ea..d11740831 100644
--- a/djangorestframework/permissions.py
+++ b/djangorestframework/permissions.py
@@ -23,6 +23,11 @@ __all__ = (
 SAFE_METHODS = ['GET', 'HEAD', 'OPTIONS']
+_401_UNAUTHORIZED = ErrorResponse(
+ status.HTTP_401_UNAUTHORIZED,
+ {'detail': 'The request requires user authentication.'},
+ {'WWW-Authenticate': 'Basic realm="API"'})
+
 _403_FORBIDDEN_RESPONSE = ErrorResponse(
 status.HTTP_403_FORBIDDEN,
 {'detail': 'You do not have permission to access this resource. ' +
@@ -66,7 +71,7 @@ class IsAuthenticated(BasePermission):
 def check_permission(self, user):
 if not user.is_authenticated():
- raise _403_FORBIDDEN_RESPONSE
+ raise _401_UNAUTHORIZED
 class IsAdminUser(BasePermission):
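Review bot: The `WWW-Authenticate` value on `_401_UNAUTHORIZED` is fixed to `Basic realm="API"`, so every view guarded by `IsAuthenticated` advertises HTTP Basic even if it is configured for a different authentication scheme. Browsers answer that challenge with a native credential prompt, which pushes users towards sending a reusable password on every request, in the clear if the deployment lacks TLS. The challenge would be better derived from the authentication classes enabled on the view, keeping the existing 403 when none of them defines one. Until then the limitation deserves a comment on the constant, e.g. `# NOTE: challenge is hard-coded to Basic; views using another auth scheme still advertise Basic`. The name would also read more consistently as `_401_UNAUTHORIZED_RESPONSE`, matching `_403_FORBIDDEN_RESPONSE` below it.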
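Review bot: `IsAuthenticated.check_permission` is the only check switched to 401 in this patch. `IsAdminUser` begins right after the hunk and its body is not shown, so this is an inference: if it and the other permission classes still raise `_403_FORBIDDEN_RESPONSE` for an anonymous user, clients get 401 or 403 for the same missing-credentials condition depending on which permission guards the view. In that case they want the same guard first, `if not user.is_authenticated(): raise _401_UNAUTHORIZED`, keeping 403 for authenticated users who lack the right. The diffstat lists only permissions.py, so a test asserting the 401 status and the `WWW-Authenticate` header for an anonymous request is worth adding.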