From aec660c749c121df54270cdca7f56a65c2130b19 Mon Sep 17 00:00:00 2001
From: "John C. Vernaleo"
Date: Mon, 1 Feb 2016 09:10:22 -0500
Subject: [PATCH] Return WWW-Authenticate header

On invalide credentials return WWW-Authenticate the same way btcd does.

Pointed out by @davec in decred/dcrwallet#14
---
 rpc/legacyrpc/server.go | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/rpc/legacyrpc/server.go b/rpc/legacyrpc/server.go
index 4cc8417..58d6a26 100644
--- a/rpc/legacyrpc/server.go
+++ b/rpc/legacyrpc/server.go
@@ -119,6 +119,12 @@ type Server struct {
 requestShutdownChan chan struct{}
 }
 
+// jsonAuthFail sends a message back to the client if the http auth is rejected.
+func jsonAuthFail(w http.ResponseWriter) {
+ w.Header().Add("WWW-Authenticate", `Basic realm="btcwallet RPC"`)
+ http.Error(w, "401 Unauthorized.", http.StatusUnauthorized)
+}
+
 // NewServer creates a new server for serving legacy RPC client connections,
 // both HTTP POST and websocket.
 func NewServer(opts *Options, walletLoader *wallet.Loader, listeners []net.Listener) *Server {
@@ -162,7 +168,7 @@ func NewServer(opts *Options, walletLoader *wallet.Loader, listeners []net.Liste
 
 if err := server.checkAuthHeader(r); err != nil {
 log.Warnf("Unauthorized client connection attempt")
- http.Error(w, "401 Unauthorized.", http.StatusUnauthorized)
+ jsonAuthFail(w)
 return
 }
 server.wg.Add(1)
@@ -183,7 +189,7 @@ func NewServer(opts *Options, walletLoader *wallet.Loader, listeners []net.Liste
 // being missing, immediately terminate the connection.
 log.Warnf("Disconnecting improperly authorized " +
 "websocket client")
- http.Error(w, "401 Unauthorized.", http.StatusUnauthorized)
+ jsonAuthFail(w)
 return
 }
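Review bot: `w.Header().Add` in the new jsonAuthFail appends to any WWW-Authenticate value already on the response, so `w.Header().Set` with the same arguments is the safer call if a handler could ever set a challenge before reaching this helper. The name and doc comment also suggest a JSON reply, while http.Error writes a plain-text body and sets its own Content-Type. A comment such as `// jsonAuthFail adds a Basic WWW-Authenticate challenge and replies 401 with a plain-text body; it writes no JSON-RPC error object.` would make that explicit for the two call sites changed in the later hunks. Because the realm is returned to unauthenticated callers, keeping it a fixed literal with no version or host detail, as here, is the right choice.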
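Review bot: The rejection path in this hunk still logs a fixed string, `log.Warnf("Unauthorized client connection attempt")`, so repeated failures cannot be tied to a peer when reviewing logs; the websocket rejection in the next hunk has the same gap. Assuming `r` is the `*http.Request` passed to checkAuthHeader, `log.Warnf("Unauthorized client connection attempt from %s", r.RemoteAddr)` would record the source. The enclosing handler in NewServer starts and ends outside the hunk, so whether the address is logged elsewhere is not visible here.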