auth_check.require_login should return 401 instead of 403
If the user isn't logged in 401 (Unauthorized) should be returned instead of 403 (Forbidden). e.g. https://exams.vis.ethz.ch/api/notification/unreadcount/ should return 401 instead of 403.
If the user isn't logged in 401 (Unauthorized) should be returned instead of 403 (Forbidden). e.g. https://exams.vis.ethz.ch/api/notification/unreadcount/ should return 401 instead of 403.