Present WWW-Authenticate on failure to authenticate

2014-11-10 12:17:39 +01:00 · 2014-11-10 12:17:39 +01:00 · 34f6ea1d04
commit 34f6ea1d04
parent b6a168c82e
1 changed files with 4 additions and 1 deletions
--- a/lib/apiauthaction.php
+++ b/lib/apiauthaction.php
@ -317,11 +317,14 @@ class ApiAuthAction extends ApiAction
                    $this->auth_user_nickname
                );
                $this->logAuthFailure($msg);
+
+                // We must present WWW-Authenticate in accordance to HTTP status code 401
+                header('WWW-Authenticate: Basic realm="' . $realm . '"');
                // TRANS: Client error thrown when authentication fails.
                $this->clientError(_('Could not authenticate you.'), 401);
            }
        } else {
-            // all get rw access for actions that don't need auth
+            // all get rw access for actions that don't require auth
            $this->access = self::READ_WRITE;
        }
    }