
Commit dbf97cc

Set www_authenticate header field after SendJsonError()
This is necessary, since `SendJsonError()` also clears the entire response and possible because it doesn't on its own *send* the message yet.
1 parent f63bbec commit dbf97cc

3 files changed

Lines changed: 17 additions & 4 deletions


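--- a/lib/remote/httpserverconnection.cpp
+++ b/lib/remote/httpserverconnection.cpp
@@ -310,17 +310,17 @@ bool EnsureAuthenticatedUser(
 Log(LogWarning, "HttpServerConnection")
 << "Unauthorized request: " << request.method_string() << ' ' << request.target();
 
-response.result(http::status::unauthorized);
-response.set(http::field::www_authenticate, "Basic realm=\"Icinga 2\"");
-response.set(http::field::connection, "close");
-
 if (request[http::field::accept] == "application/json") {
 HttpUtility::SendJsonError(response, nullptr, 401, "Unauthorized. Please check your user credentials.");
 } else {
 response.set(http::field::content_type, "text/html");
 response.body() << "<h1>Unauthorized. Please check your user credentials.</h1>";
 }
 
+// Set additional header fields after the response has been initialized in SendJsonError().
+response.set(http::field::www_authenticate, "Basic realm=\"Icinga 2\"");
+response.set(http::field::connection, "close");
+
 response.Flush(yc);
 
 return false;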
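Review bot: The `else` (text/html) branch no longer sets a status, because the removed `response.result(http::status::unauthorized);` is not re-added and only the JSON branch gets 401 through `SendJsonError()`. Unless the status is set before the hunk (the start of `EnsureAuthenticatedUser` is outside it), a failed login with any other `Accept` value would be answered with the response's default status. Clients, proxies and access logs would then not record the rejection as a 401, which weakens detection of repeated failed logins. I would restore `response.result(http::status::unauthorized);` as the first line of the `else` branch.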

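--- a/lib/remote/httputility.cpp
+++ b/lib/remote/httputility.cpp
@@ -83,6 +83,18 @@ void HttpUtility::SendJsonBody(HttpApiResponse& response, const Dictionary::Ptr&
 response.GetJsonEncoder(params && GetLastParameter(params, "pretty")).Encode(val);
 }
 
+/**
+* Initialize the response object with the given error code and info.
+*
+* Note that this fully resets the response object so any additional headers will need to be set
+* after initializing the response with this function.
+*
+* @param response A reference to the HTTP response to initialize
+* @param params The parameters sent with the request
+* @param code The error code to initialize the response with
+* @param info The error message to include in the JSON body
+* @param diagnosticInformation Additional debug information included when `verbose` is in params
+*/
 void HttpUtility::SendJsonError(HttpApiResponse& response,
 const Dictionary::Ptr& params, int code, const String& info, const String& diagnosticInformation)
 {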

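--- a/test/remote-httpserverconnection.cpp
+++ b/test/remote-httpserverconnection.cpp
@@ -295,6 +295,7 @@ BOOST_AUTO_TEST_CASE(authenticate_error_wronguser)
 
 BOOST_REQUIRE_EQUAL(response.version(), 11);
 BOOST_REQUIRE_EQUAL(response.result(), http::status::unauthorized);
+BOOST_REQUIRE(!response[http::field::www_authenticate].empty());
 Dictionary::Ptr body = JsonDecode(response.body());
 BOOST_REQUIRE(body);
 BOOST_REQUIRE_EQUAL(body->Get("error"), 401);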
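Review bot: The new assertion only checks that the header is non-empty, so a wrong or truncated challenge value would still pass; `BOOST_REQUIRE_EQUAL(response[http::field::www_authenticate], "Basic realm=\"Icinga 2\"");` would pin the value set in `EnsureAuthenticatedUser`. The `Connection: close` header that the same commit moves is not asserted here either. This case decodes a JSON body, so the text/html branch of the 401 path appears to be uncovered by this hunk; a sibling case with a different `Accept` value that checks the status and both headers would cover it. The test case body starts and ends outside the hunk.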
