[sr-dev] git:master: auth: added new error code to auth API
Juha Heinanen
jh at tutpro.com
Tue Nov 15 03:15:00 CET 2011
Alex Balashov writes:

> The problem, as you well know, is that not having the check allows a
> user A to impersonate the identity of any other user B, as long as
> user A has his own valid credentials for himself.

yes, i well know it and therefore one needs to check if the user really
owns the uri or not. to make an automatic invalid check is in my opinion
a very bad idea, since according to rfc3261 uri userpart does not have
anything to do with user's authentication username.
-- juha
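
The two checks discussed in this message, side by side, as an added example that is not code from this thread or from the project: an automatic "auth username equals URI userpart" comparison versus a lookup of which URIs the authenticated user owns. The `OWNED_URIS` table, the function names and all sample values are hypothetical and constructed for illustration.

```python
import re

# Constructed sample data (assumption): the URIs each authenticated
# (auth username, realm) pair is allowed to present as its identity.
OWNED_URIS = {
    ("jh-device-7", "example.org"): {"juha@example.org", "+15550100@example.org"},
    ("alice", "example.org"): {"alice@example.org"},
}

_SIP_URI = re.compile(r"^sips?:(?:([^@;?]+)@)?([^;?>]+)", re.IGNORECASE)


def parse_aor(uri):
    """Return 'user@host' from a SIP/SIPS URI, or None if it has no userpart.

    Password, port, URI parameters and headers are dropped. The host is
    lower-cased; the userpart is kept as-is because it is case-sensitive.
    """
    m = _SIP_URI.match(uri.strip().strip("<>"))
    if not m or m.group(1) is None:
        return None
    user = m.group(1).split(":", 1)[0]            # drop optional password
    host = m.group(2)
    if host.startswith("["):                      # IPv6 reference, keep brackets
        host = host[: host.find("]") + 1]
    else:
        host = host.split(":", 1)[0]              # drop optional port
    return f"{user}@{host.lower()}"


def naive_check(auth_user, from_uri):
    """Automatic check: reject unless auth username == URI userpart."""
    aor = parse_aor(from_uri)
    return aor is not None and aor.split("@", 1)[0] == auth_user


def ownership_check(auth_user, realm, from_uri):
    """Accept only if the authenticated user owns the presented URI."""
    aor = parse_aor(from_uri)
    owned = OWNED_URIS.get((auth_user, realm.lower()), set())
    return aor is not None and aor in owned


if __name__ == "__main__":
    # Legitimate user whose auth username differs from the URI userpart.
    print(naive_check("jh-device-7", "sip:juha@example.org"))                     # False
    print(ownership_check("jh-device-7", "example.org", "sip:juha@example.org"))  # True
    # User A with valid credentials presenting user B's URI.
    print(ownership_check("alice", "example.org", "sip:juha@example.org"))        # False
```

The equality check rejects a legitimate user whose authentication username is unrelated to the URI userpart, while the ownership lookup accepts that user and still rejects one user presenting another user's URI.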