From ee1f01a0dfd20421f9ca4078c9dde15915bad44c Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Mon, 11 Nov 2019 12:41:00 +0100
Subject: [PATCH] Fix so 401 error is returned only on failed logon requests
 (#7010)

---
 CHANGELOG | 1 +
 index.php | 3 ++-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG b/CHANGELOG
index e220682c8..abf29add2 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -6,6 +6,7 @@ CHANGELOG Roundcube Webmail
 - Fix PHP warning: "array_merge(): Expected parameter 2 to be an array, null given in sendmail.inc (#7003)
 - Fix bug where cache keys could exceed length limit specified in db schema (#7004)
 - Fix invalid Signature button state after escaping Mailvelope mode (#7015)
+- Fix so 401 error is returned only on failed logon requests (#7010)
 
 RELEASE 1.4.0
 -------------
diff --git a/index.php b/index.php
index 2f0baac27..9027737c3 100644
--- a/index.php
+++ b/index.php
@@ -234,7 +234,8 @@ if (empty($RCMAIL->user->ID)) {
     $plugin = $RCMAIL->plugins->exec_hook('unauthenticated', array(
             'task'      => 'login',
             'error'     => $session_error,
-            'http_code' => !$session_error ? 401 : 200
+            // Return 401 only on failed logins (#7010)
+            'http_code' => empty($session_error) && !empty($error_message) ? 401 : 200
     ));
 
     $RCMAIL->set_task($plugin['task']);