Present WWW-Authenticate on failure to authenticate

This commit is contained in:
Mikael Nordfeldth 2014-11-10 12:17:39 +01:00
parent b6a168c82e
commit 34f6ea1d04

View File

@ -317,11 +317,14 @@ class ApiAuthAction extends ApiAction
$this->auth_user_nickname $this->auth_user_nickname
); );
$this->logAuthFailure($msg); $this->logAuthFailure($msg);
// We must present WWW-Authenticate in accordance to HTTP status code 401
header('WWW-Authenticate: Basic realm="' . $realm . '"');
// TRANS: Client error thrown when authentication fails. // TRANS: Client error thrown when authentication fails.
$this->clientError(_('Could not authenticate you.'), 401); $this->clientError(_('Could not authenticate you.'), 401);
} }
} else { } else {
// all get rw access for actions that don't need auth // all get rw access for actions that don't require auth
$this->access = self::READ_WRITE; $this->access = self::READ_WRITE;
} }
} }