1
0
mirror of https://github.com/labstack/echo.git synced 2024-12-24 20:14:31 +02:00

Fixed basic auth to return 401 for error cases

Signed-off-by: Vishal Rana <vr@labstack.com>
This commit is contained in:
Vishal Rana 2016-04-28 07:09:33 -07:00
parent bca2fd450e
commit a708a6781a
3 changed files with 6 additions and 7 deletions

View File

@ -2,7 +2,6 @@ package middleware
import (
"encoding/base64"
"net/http"
"github.com/labstack/echo"
)
@ -58,12 +57,12 @@ func BasicAuthWithConfig(config BasicAuthConfig) echo.MiddlewareFunc {
if config.Validator(cred[:i], cred[i+1:]) {
return next(c)
}
c.Response().Header().Set(echo.HeaderWWWAuthenticate, basic+" realm=Restricted")
return echo.ErrUnauthorized
}
}
}
return echo.NewHTTPError(http.StatusBadRequest, "invalid basic-auth authorization header="+auth)
// Need to return `401` for browsers to pop-up login box.
c.Response().Header().Set(echo.HeaderWWWAuthenticate, basic+" realm=Restricted")
return echo.ErrUnauthorized
}
}
}

View File

@ -40,11 +40,11 @@ func TestBasicAuth(t *testing.T) {
// Empty Authorization header
req.Header().Set(echo.HeaderAuthorization, "")
he = h(c).(*echo.HTTPError)
assert.Equal(t, http.StatusBadRequest, he.Code)
assert.Equal(t, http.StatusUnauthorized, he.Code)
// Invalid Authorization header
auth = base64.StdEncoding.EncodeToString([]byte("invalid"))
req.Header().Set(echo.HeaderAuthorization, auth)
he = h(c).(*echo.HTTPError)
assert.Equal(t, http.StatusBadRequest, he.Code)
assert.Equal(t, http.StatusUnauthorized, he.Code)
}

View File

@ -114,7 +114,7 @@ func JWTFromHeader(c echo.Context) (string, error) {
if len(auth) > l+1 && auth[:l] == bearer {
return auth[l+1:], nil
}
return "", echo.NewHTTPError(http.StatusBadRequest, "invalid jwt authorization header="+auth)
return "", echo.NewHTTPError(http.StatusBadRequest, "empty or invalid authorization header="+auth)
}
// JWTFromQuery returns a `JWTExtractor` that extracts token from the provided query