Return 401 with correct realm when no user/pass is provided default tip

Tue, 20 Feb 2018 17:30:17 +0100

author
Nicolas Cedilnik <nicoco@nicoco.fr>
date
Tue, 20 Feb 2018 17:30:17 +0100
changeset 2886
5ca6d53d3186
parent 2885
88b16084eda7

Return 401 with correct realm when no user/pass is provided

mod_http_auth_check/mod_http_auth_check.lua file | annotate | diff | comparison | revisions
--- a/mod_http_auth_check/mod_http_auth_check.lua	Tue Feb 20 14:59:03 2018 +0000
+++ b/mod_http_auth_check/mod_http_auth_check.lua	Tue Feb 20 17:30:17 2018 +0100
@@ -14,7 +14,8 @@
 	local response = event.response;
 	local headers = request.headers;
 	if not headers.authorization then
-		return 400
+		response.headers.www_authenticate = ("Basic realm=%q"):format(realm);
+		return 401
 	end
 	local from_jid, password = b64_decode(headers.authorization:match"[^ ]*$"):match"([^:]*):(.*)";
 	from_jid = jid_prep(from_jid);

mercurial