mirror of
https://github.com/labstack/echo.git
synced 2024-12-24 20:14:31 +02:00
Fixed basic auth to return 401 for error cases
Signed-off-by: Vishal Rana <vr@labstack.com>
This commit is contained in:
parent
bca2fd450e
commit
a708a6781a
@ -2,7 +2,6 @@ package middleware
|
||||
|
||||
import (
|
||||
"encoding/base64"
|
||||
"net/http"
|
||||
|
||||
"github.com/labstack/echo"
|
||||
)
|
||||
@ -58,12 +57,12 @@ func BasicAuthWithConfig(config BasicAuthConfig) echo.MiddlewareFunc {
|
||||
if config.Validator(cred[:i], cred[i+1:]) {
|
||||
return next(c)
|
||||
}
|
||||
c.Response().Header().Set(echo.HeaderWWWAuthenticate, basic+" realm=Restricted")
|
||||
return echo.ErrUnauthorized
|
||||
}
|
||||
}
|
||||
}
|
||||
return echo.NewHTTPError(http.StatusBadRequest, "invalid basic-auth authorization header="+auth)
|
||||
// Need to return `401` for browsers to pop-up login box.
|
||||
c.Response().Header().Set(echo.HeaderWWWAuthenticate, basic+" realm=Restricted")
|
||||
return echo.ErrUnauthorized
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -40,11 +40,11 @@ func TestBasicAuth(t *testing.T) {
|
||||
// Empty Authorization header
|
||||
req.Header().Set(echo.HeaderAuthorization, "")
|
||||
he = h(c).(*echo.HTTPError)
|
||||
assert.Equal(t, http.StatusBadRequest, he.Code)
|
||||
assert.Equal(t, http.StatusUnauthorized, he.Code)
|
||||
|
||||
// Invalid Authorization header
|
||||
auth = base64.StdEncoding.EncodeToString([]byte("invalid"))
|
||||
req.Header().Set(echo.HeaderAuthorization, auth)
|
||||
he = h(c).(*echo.HTTPError)
|
||||
assert.Equal(t, http.StatusBadRequest, he.Code)
|
||||
assert.Equal(t, http.StatusUnauthorized, he.Code)
|
||||
}
|
||||
|
@ -114,7 +114,7 @@ func JWTFromHeader(c echo.Context) (string, error) {
|
||||
if len(auth) > l+1 && auth[:l] == bearer {
|
||||
return auth[l+1:], nil
|
||||
}
|
||||
return "", echo.NewHTTPError(http.StatusBadRequest, "invalid jwt authorization header="+auth)
|
||||
return "", echo.NewHTTPError(http.StatusBadRequest, "empty or invalid authorization header="+auth)
|
||||
}
|
||||
|
||||
// JWTFromQuery returns a `JWTExtractor` that extracts token from the provided query
|
||||
|
Loading…
Reference in New Issue
Block a user