# HG changeset patch
# User Kim Alvefur <zash@zash.se>
# Date 1586707636 -7200
# Node ID ae5ac41c391d03882f409e6580f84871eea78f78
# Parent  e0f3e29ab18ae38d69a3951b8fccdaff4039da36
mod_rest: Improve auth error reporting

diff -r e0f3e29ab18a -r ae5ac41c391d mod_rest/mod_rest.lua
--- a/mod_rest/mod_rest.lua	Tue Apr 07 22:11:52 2020 +0200
+++ b/mod_rest/mod_rest.lua	Sun Apr 12 18:07:16 2020 +0200
@@ -116,6 +116,8 @@
 end
 
 local post_errors = {
+	noauthz = { code = 401, type = "auth", condition = "not-authorized", text = "No credentials provided" },
+	unauthz = { code = 403, type = "auth", condition = "not-authorized", text = "Credentials not accepted" },
 	parse = { code = 400, condition = "not-well-formed", text = "Failed to parse payload", },
 	xmlns = { code = 422, condition = "invalid-namespace", text = "'xmlns' attribute must be empty", },
 	name = { code = 422, condition = "unsupported-stanza-type", text = "Invalid stanza, must be 'message', 'presence' or 'iq'.", },
@@ -133,11 +135,11 @@
 
 	if not request.headers.authorization then
 		response.headers.www_authenticate = www_authenticate_header;
-		return 401;
+		return errors.new("noauthz", nil, post_errors);
 	else
 		origin = check_credentials(request);
 		if not origin then
-			return 401;
+			return errors.new("unauthz", nil, post_errors);
 		end
 		from = jid.join(origin.username, origin.host, origin.resource);
 	end