go/echo
1
0
Fork 0
mirror of https://github.com/labstack/echo.git synced 2025-06-15 00:14:57 +02:00
Code Issues Releases Activity

Fixed basic auth to return 401 for error cases

Browse Source 
Signed-off-by: Vishal Rana <vr@labstack.com>
This commit is contained in:
Vishal Rana
2016-04-28 07:09:33 -07:00
parent bca2fd450e
commit a708a6781a
3 changed files with 6 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
middleware/basic_auth.go
View File

@ -2,7 +2,6 @@ package middleware
import ( import (
"encoding/base64" "encoding/base64"
"net/http"
"github.com/labstack/echo" "github.com/labstack/echo"
) )
@ -58,12 +57,12 @@ func BasicAuthWithConfig(config BasicAuthConfig) echo.MiddlewareFunc {
if config.Validator(cred[:i], cred[i+1:]) { if config.Validator(cred[:i], cred[i+1:]) {
return next(c) return next(c)
} }
}
}
}
// Need to return `401` for browsers to pop-up login box.
c.Response().Header().Set(echo.HeaderWWWAuthenticate, basic+" realm=Restricted") c.Response().Header().Set(echo.HeaderWWWAuthenticate, basic+" realm=Restricted")
return echo.ErrUnauthorized return echo.ErrUnauthorized
} }
} }
}
return echo.NewHTTPError(http.StatusBadRequest, "invalid basic-auth authorization header="+auth)
}
}
} }

4
middleware/basic_auth_test.go
View File

@ -40,11 +40,11 @@ func TestBasicAuth(t *testing.T) {
// Empty Authorization header // Empty Authorization header
req.Header().Set(echo.HeaderAuthorization, "") req.Header().Set(echo.HeaderAuthorization, "")
he = h(c).(*echo.HTTPError) he = h(c).(*echo.HTTPError)
assert.Equal(t, http.StatusBadRequest, he.Code) assert.Equal(t, http.StatusUnauthorized, he.Code)
// Invalid Authorization header // Invalid Authorization header
auth = base64.StdEncoding.EncodeToString([]byte("invalid")) auth = base64.StdEncoding.EncodeToString([]byte("invalid"))
req.Header().Set(echo.HeaderAuthorization, auth) req.Header().Set(echo.HeaderAuthorization, auth)
he = h(c).(*echo.HTTPError) he = h(c).(*echo.HTTPError)
assert.Equal(t, http.StatusBadRequest, he.Code) assert.Equal(t, http.StatusUnauthorized, he.Code)
} }

2
middleware/jwt_auth.go
View File

@ -114,7 +114,7 @@ func JWTFromHeader(c echo.Context) (string, error) {
if len(auth) > l+1 && auth[:l] == bearer { if len(auth) > l+1 && auth[:l] == bearer {
return auth[l+1:], nil return auth[l+1:], nil
} }
return "", echo.NewHTTPError(http.StatusBadRequest, "invalid jwt authorization header="+auth) return "", echo.NewHTTPError(http.StatusBadRequest, "empty or invalid authorization header="+auth)
} }
// JWTFromQuery returns a `JWTExtractor` that extracts token from the provided query // JWTFromQuery returns a `JWTExtractor` that extracts token from the provided query