From 5408976a072ee79df77499e2dfbc69c4cfd5d266 Mon Sep 17 00:00:00 2001
From: Roland Reichwein <mail@reichwein.it>
Date: Wed, 20 May 2020 18:22:59 +0200
Subject: Webbox: Fix auth popup on certain browsers

---
 response.cpp | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)

(limited to 'response.cpp')

diff --git a/response.cpp b/response.cpp
index a5fb8c3..67cb322 100644
--- a/response.cpp
+++ b/response.cpp
@@ -209,8 +209,7 @@ response_type HttpStatus(std::string status, std::string message, response_type&
  if (status != "200") { // already handled at res init
   res.result(unsigned(stoul(status)));
   res.set(http::field::content_type, "text/html");
-  if (res.result_int() == 401)
-   res.set(http::field::www_authenticate, "Basic realm=\"Webbox Login\"");
+
   res.body() = "<html><body><h1>"s + Server::VersionString + " Error</h1><p>"s + status + " "s + message + "</p></body></html>"s;
   res.prepare_payload();
  }
@@ -249,14 +248,14 @@ response_type generate_response(request_type& req, Server& server)
   if (auth.size() != 0) {
    std::string authorization{req[http::field::authorization]};
    if (authorization.substr(0, 6) != "Basic "s)
-    return HttpStatusAndStats("401", "Bad Authorization Type", req_ctx, res);
+    return HttpStatusAndStats("400", "Bad Authorization Type", req_ctx, res);
    
    authorization = authorization.substr(6);
    authorization = decode64(authorization);
 
    size_t pos {authorization.find(':')};
    if (pos == authorization.npos)
-    return HttpStatusAndStats("401", "Bad Authorization Encoding", req_ctx, res);
+    return HttpStatusAndStats("400", "Bad Authorization Encoding", req_ctx, res);
 
    std::string login{authorization.substr(0, pos)};
    std::string password{authorization.substr(pos + 1)};
@@ -264,8 +263,15 @@ response_type generate_response(request_type& req, Server& server)
    auto it {auth.find(login)};
    // it.second contains crypted/hash
    // password is plain text to validate against the hash
-   if (it == auth.end() || !Auth::validate(it->second, password))
+   if (it == auth.end() || !Auth::validate(it->second, password)) {
+
+    // For now, WWW-Authenticate: Basic realm="..." will only be generated for static-files.
+    // All other plugins are expected to present their own login pages
+    if (req_ctx.GetPluginName() == "static-files")
+     res.set(http::field::www_authenticate, "Basic realm=\"Webbox Login\"");
+
     return HttpStatusAndStats("401", "Bad Authorization", req_ctx, res);
+   }
   }
 
   plugin_type plugin{req_ctx.GetPlugin()};
-- 
cgit v1.2.3