Present WWW-Authenticate on failure to authenticate

author Mikael Nordfeldth <mmn@hethane.se>

Mon, 10 Nov 2014 11:17:39 +0000 (12:17 +0100)

committer Mikael Nordfeldth <mmn@hethane.se>

Mon, 10 Nov 2014 11:17:39 +0000 (12:17 +0100)
author Mikael Nordfeldth <mmn@hethane.se>
Mon, 10 Nov 2014 11:17:39 +0000 (12:17 +0100)
committer Mikael Nordfeldth <mmn@hethane.se>
Mon, 10 Nov 2014 11:17:39 +0000 (12:17 +0100)
diff --git a/lib/apiauthaction.php b/lib/apiauthaction.php

index 0a1e0b8e245afe792755187b1bee50eba6c9b896..40161b7ab57c4a73cc25086961a61accd6fbd7bc 100644 (file)
--- a/lib/apiauthaction.php
+++ b/lib/apiauthaction.php
@@ -317,11 +317,14 @@ class ApiAuthAction extends ApiAction
                      $this->auth_user_nickname
                  );
                  $this->logAuthFailure($msg);
+
+                // We must present WWW-Authenticate in accordance to HTTP status code 401
+                header('WWW-Authenticate: Basic realm="' . $realm . '"');
                  // TRANS: Client error thrown when authentication fails.
                  $this->clientError(_('Could not authenticate you.'), 401);
              }
          } else {
-            // all get rw access for actions that don't need auth
+            // all get rw access for actions that don't require auth
              $this->access = self::READ_WRITE;
          }
      }
author	Mikael Nordfeldth <mmn@hethane.se>
	Mon, 10 Nov 2014 11:17:39 +0000 (12:17 +0100)
committer	Mikael Nordfeldth <mmn@hethane.se>
	Mon, 10 Nov 2014 11:17:39 +0000 (12:17 +0100)