eeva/servant
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

fix error status bug in basic auth

Browse source 
Fixes #440.
This commit is contained in:
Sönke Hahn 2016-04-06 11:16:18 +08:00
parent 4224c20bff
commit 14ff219726
2 changed files with 18 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
servant-server/src/Servant/Server/Internal/BasicAuth.hs
View file

@ -64,6 +64,6 @@ runBasicAuth req realm (BasicAuthCheck ba) =
Just e -> ba e >>= \res -> case res of Just e -> ba e >>= \res -> case res of
BadPassword -> plzAuthenticate BadPassword -> plzAuthenticate
NoSuchUser -> plzAuthenticate NoSuchUser -> plzAuthenticate
Unauthorized -> return $ Fail err403 Unauthorized -> return $ FailFatal err403
Authorized usr -> return $ Route usr Authorized usr -> return $ Route usr
where plzAuthenticate = return $ Fail err401 { errHeaders = [mkBAChallengerHdr realm] } where plzAuthenticate = return $ FailFatal err401 { errHeaders = [mkBAChallengerHdr realm] }

19
servant-server/test/Servant/ServerSpec.hs
View file

@ -30,6 +30,7 @@ import Network.HTTP.Types (Status (..), hAccept, hContentType,
methodDelete, methodGet, methodDelete, methodGet,
methodHead, methodPatch, methodHead, methodPatch,
methodPost, methodPut, ok200, methodPost, methodPut, ok200,
imATeaPot418,
parseQuery) parseQuery)
import Network.Wai (Application, Request, requestHeaders, pathInfo, import Network.Wai (Application, Request, requestHeaders, pathInfo,
queryString, rawQueryString, queryString, rawQueryString,
@ -542,13 +543,17 @@ miscCombinatorSpec = with (return $ serve miscApi miscServ) $
-- * Basic Authentication {{{ -- * Basic Authentication {{{
------------------------------------------------------------------------------ ------------------------------------------------------------------------------
type BasicAuthAPI = BasicAuth "foo" () :> "basic" :> Get '[JSON] Animal type BasicAuthAPI =
BasicAuth "foo" () :> "basic" :> Get '[JSON] Animal
:<|> Raw
basicAuthApi :: Proxy BasicAuthAPI basicAuthApi :: Proxy BasicAuthAPI
basicAuthApi = Proxy basicAuthApi = Proxy
basicAuthServer :: Server BasicAuthAPI basicAuthServer :: Server BasicAuthAPI
basicAuthServer = const (return jerry) basicAuthServer =
const (return jerry) :<|>
(\ _ respond -> respond $ responseLBS imATeaPot418 [] "")
basicAuthContext :: Context '[ BasicAuthCheck () ] basicAuthContext :: Context '[ BasicAuthCheck () ]
basicAuthContext = basicAuthContext =
@ -564,14 +569,22 @@ basicAuthSpec = do
with (return (serveWithContext basicAuthApi basicAuthContext basicAuthServer)) $ do with (return (serveWithContext basicAuthApi basicAuthContext basicAuthServer)) $ do
context "Basic Authentication" $ do context "Basic Authentication" $ do
it "returns 401 with bad password" $ do it "returns 401 when no credentials given" $ do
get "/basic" `shouldRespondWith` 401 get "/basic" `shouldRespondWith` 401
it "returns 403 when invalid credentials given" $ do
let invalid = [("Authorization", "Basic bbbbbbbbbDpzZXJ2ZXI=")] -- fixme: how do I create basic auth tokens?
THW.request methodGet "/basic" invalid ""
`shouldRespondWith` 403
it "returns 200 with the right password" $ do it "returns 200 with the right password" $ do
let validCredentials = [("Authorization", "Basic c2VydmFudDpzZXJ2ZXI=")] let validCredentials = [("Authorization", "Basic c2VydmFudDpzZXJ2ZXI=")]
THW.request methodGet "/basic" validCredentials "" THW.request methodGet "/basic" validCredentials ""
`shouldRespondWith` 200 `shouldRespondWith` 200
it "plays nice with subsequent Raw endpoints" $ do
get "/foo" `shouldRespondWith` 418
-- }}} -- }}}
------------------------------------------------------------------------------ ------------------------------------------------------------------------------
-- * General Authentication {{{ -- * General Authentication {{{