403 clicking "fix credit card" in email when not logged in

[JVimes]

My credit card expired and I got the email reminding me to fix payment info. I clicked the "fix credit card" button in the email and was taken to a 403 Forbidden page. Would expect to be taken to login form when I'm not already logged in. Thanks!

[mattbk]

I think the behavior should be something like https://gratipay.com/new when a ~user is not logged in, would that work, @JVimes?

rather than

[mattbk]

Solution to copy: https://github.com/gratipay/gratipay.com/blob/master/emails/charge_failed.spt#L15https://github.com/gratipay/gratipay.com/blob/master/www/new.spt#L8

Link in email: https://github.com/gratipay/gratipay.com/blob/master/emails/charge_failed.spt#L15

To change: https://github.com/gratipay/gratipay.com/blob/master/www/~/%25username/routes/credit-card.spt#L40

[JVimes]

@mattbk, sorry for delay. That would be better, but could the styling for the 401 page be customized to put the emphasis on login rather than the HTTP status code? End users aren't concerned with the 401 status, they just want to be presented with the login form as soon as possible.

[mattbk]

Probably. Glad you're paying attention--I don't even look at anything in the header anymore.

[mattbk]

Not as complicated as #4040 (comment) lays out. There was no 403.spt file, so no special page was shown.

[chadwhitacre]

Shouldn't we be raising 401 in this case instead of 403?

401 = not logged in
403 = already logged in but still not allowed

[mattbk]

401 = not logged in
403 = already logged in but still not allowed

Then why do I get 403 when not logged in, for pages like this?

[chadwhitacre]

Because we're doing it wrong? :)

Unless we're not, but I think we are ...

https://httpstatuses.com/401
https://httpstatuses.com/403