changeset 2886:5ca6d53d3186

Return 401 with correct realm when no user/pass is provided
author Nicolas Cedilnik <nicoco@nicoco.fr>
date Tue, 20 Feb 2018 17:30:17 +0100
parents 88b16084eda7
children 65082d91950e
files mod_http_auth_check/mod_http_auth_check.lua
diffstat 1 files changed, 2 insertions(+), 1 deletions(-) [+]
line wrap: on
line diff
--- a/mod_http_auth_check/mod_http_auth_check.lua	Tue Feb 20 14:59:03 2018 +0000
+++ b/mod_http_auth_check/mod_http_auth_check.lua	Tue Feb 20 17:30:17 2018 +0100
@@ -14,7 +14,8 @@
 	local response = event.response;
 	local headers = request.headers;
 	if not headers.authorization then
-		return 400
+		response.headers.www_authenticate = ("Basic realm=%q"):format(realm);
+		return 401
 	end
 	local from_jid, password = b64_decode(headers.authorization:match"[^ ]*$"):match"([^:]*):(.*)";
 	from_jid = jid_prep(from_jid);