The WWW-Authenticate real also includes the user.

This commit is contained in:
default 2023-06-24 08:29:29 +02:00
parent 3da32bd327
commit 2f3ed55790
2 changed files with 13 additions and 4 deletions

13
html.c
View file

@ -1565,8 +1565,10 @@ int html_get_handler(const xs_dict *req, const char *q_path,
} }
else else
if (strcmp(p_path, "admin") == 0) { /** private timeline **/ if (strcmp(p_path, "admin") == 0) { /** private timeline **/
if (!login(&snac, req)) if (!login(&snac, req)) {
*body = xs_dup(uid);
status = 401; status = 401;
}
else { else {
if (cache && history_mtime(&snac, "timeline.html_") > timeline_mtime(&snac)) { if (cache && history_mtime(&snac, "timeline.html_") > timeline_mtime(&snac)) {
snac_debug(&snac, 1, xs_fmt("serving cached timeline")); snac_debug(&snac, 1, xs_fmt("serving cached timeline"));
@ -1593,8 +1595,10 @@ int html_get_handler(const xs_dict *req, const char *q_path,
} }
else else
if (strcmp(p_path, "people") == 0) { /** the list of people **/ if (strcmp(p_path, "people") == 0) { /** the list of people **/
if (!login(&snac, req)) if (!login(&snac, req)) {
*body = xs_dup(uid);
status = 401; status = 401;
}
else { else {
*body = html_people(&snac); *body = html_people(&snac);
*b_size = strlen(*body); *b_size = strlen(*body);
@ -1603,8 +1607,10 @@ int html_get_handler(const xs_dict *req, const char *q_path,
} }
else else
if (strcmp(p_path, "notifications") == 0) { /** the list of notifications **/ if (strcmp(p_path, "notifications") == 0) { /** the list of notifications **/
if (!login(&snac, req)) if (!login(&snac, req)) {
*body = xs_dup(uid);
status = 401; status = 401;
}
else { else {
*body = html_notifications(&snac); *body = html_notifications(&snac);
*b_size = strlen(*body); *b_size = strlen(*body);
@ -1758,6 +1764,7 @@ int html_post_handler(const xs_dict *req, const char *q_path,
/* all posts must be authenticated */ /* all posts must be authenticated */
if (!login(&snac, req)) { if (!login(&snac, req)) {
user_free(&snac); user_free(&snac);
*body = xs_dup(uid);
return 401; return 401;
} }

View file

@ -251,7 +251,9 @@ void httpd_connection(FILE *f)
headers = xs_dict_append(headers, "location", body); headers = xs_dict_append(headers, "location", body);
if (status == 401) { if (status == 401) {
xs *www_auth = xs_fmt("Basic realm=\"%s snac login\"", xs_dict_get(srv_config, "host")); xs *www_auth = xs_fmt("Basic realm=\"@%s@%s snac login\"",
body, xs_dict_get(srv_config, "host"));
headers = xs_dict_append(headers, "WWW-Authenticate", www_auth); headers = xs_dict_append(headers, "WWW-Authenticate", www_auth);
} }