Changed the response code/message (to 401 Unauthorized) to ask the cl…

…ient to authenticate the user
OpenMarshal · Jun 12, 2017 · 14e7c76 · 14e7c76
1 parent 4e8c78c
commit 14e7c76
Show file tree

Hide file tree

Showing 4 changed files with 40 additions and 16 deletions.
diff --git a/lib/server/MethodCallArgs.js b/lib/server/MethodCallArgs.js
@@ -77,7 +77,7 @@ var MethodCallArgs = (function () {
                 return;
             }
             if (!can) {
-                _this.setCode(HTTPCodes_1.HTTPCodes.Forbidden);
+                _this.setCode(HTTPCodes_1.HTTPCodes.Unauthorized);
                 _this.exit();
                 return;
             }

diff --git a/lib/server/commands/Propfind.js b/lib/server/commands/Propfind.js
@@ -4,6 +4,7 @@ var WebDAVRequest_1 = require("../WebDAVRequest");
 var IResource_1 = require("../../resource/IResource");
 var XML_1 = require("../../helper/XML");
 var FSPath_1 = require("../../manager/FSPath");
+var Errors_1 = require("../../Errors");
 var http = require("http");
 function lockDiscovery(lockDiscoveryCache, arg, path, resource, callback) {
     var cached = lockDiscoveryCache[path.toString()];
@@ -98,7 +99,17 @@ function default_1(arg, callback) {
             });
             resource.type(function (e, type) { return process.nextTick(function () {
                 if (!type.isDirectory || arg.depth === 0) {
-                    addXMLInfo(resource, multistatus, function () { return done(multistatus); });
+                    addXMLInfo(resource, multistatus, function (e) {
+                        if (!e)
+                            done(multistatus);
+                        else {
+                            if (e === Errors_1.Errors.BadAuthentication)
+                                arg.setCode(WebDAVRequest_1.HTTPCodes.Unauthorized);
+                            else
+                                arg.setCode(WebDAVRequest_1.HTTPCodes.InternalServerError);
+                            callback();
+                        }
+                    });
                     return;
                 }
                 arg.requirePrivilege('canGetChildren', resource, function () {
@@ -107,7 +118,10 @@ function default_1(arg, callback) {
                         function nbOut(error) {
                             if (nb > 0 && error) {
                                 nb = -1;
-                                arg.setCode(WebDAVRequest_1.HTTPCodes.InternalServerError);
+                                if (error === Errors_1.Errors.BadAuthentication)
+                                    arg.setCode(WebDAVRequest_1.HTTPCodes.Unauthorized);
+                                else
+                                    arg.setCode(WebDAVRequest_1.HTTPCodes.InternalServerError);
                                 callback();
                                 return;
                             }
@@ -133,13 +147,11 @@ function default_1(arg, callback) {
                     privileges.push('canSource');
                 arg.requireErPrivilege(privileges, resource, function (e, can) {
                     if (e) {
-                        propstat.ele('D:status').add(propstatStatus(WebDAVRequest_1.HTTPCodes.InternalServerError));
-                        callback();
+                        callback(e);
                         return;
                     }
                     if (!can) {
-                        propstat.ele('D:status').add(propstatStatus(WebDAVRequest_1.HTTPCodes.Forbidden));
-                        callback();
+                        callback(Errors_1.Errors.BadAuthentication);
                         return;
                     }
                     propstat.ele('D:status').add('HTTP/1.1 200 OK');

diff --git a/src/server/MethodCallArgs.ts b/src/server/MethodCallArgs.ts
@@ -117,7 +117,7 @@ export class MethodCallArgs
 
             if(!can)
             {
-                this.setCode(HTTPCodes.Forbidden);
+                this.setCode(HTTPCodes.Unauthorized);
                 this.exit();
                 return;
             }

diff --git a/src/server/commands/Propfind.ts b/src/server/commands/Propfind.ts
@@ -135,7 +135,18 @@ export default function(arg : MethodCallArgs, callback)
             resource.type((e, type) => process.nextTick(() => {
                 if(!type.isDirectory || arg.depth === 0)
                 {
-                    addXMLInfo(resource, multistatus, () => done(multistatus))
+                    addXMLInfo(resource, multistatus, (e) => {
+                        if(!e)
+                            done(multistatus);
+                        else
+                        {
+                            if(e === Errors.BadAuthentication)
+                                arg.setCode(HTTPCodes.Unauthorized);
+                            else
+                                arg.setCode(HTTPCodes.InternalServerError);
+                            callback();
+                        }
+                    })
                     return;
                 }
 
@@ -148,7 +159,10 @@ export default function(arg : MethodCallArgs, callback)
                             if(nb > 0 && error)
                             {
                                 nb = -1;
-                                arg.setCode(HTTPCodes.InternalServerError);
+                                if(error === Errors.BadAuthentication)
+                                    arg.setCode(HTTPCodes.Unauthorized);
+                                else
+                                    arg.setCode(HTTPCodes.InternalServerError);
                                 callback();
                                 return;
                             }
@@ -158,8 +172,8 @@ export default function(arg : MethodCallArgs, callback)
                                 done(multistatus);
                         }
 
-                        addXMLInfo(resource, multistatus, nbOut)
-                        
+                        addXMLInfo(resource, multistatus, nbOut);
+
                         children.forEach((child) => process.nextTick(() => {
                             addXMLInfo(child, multistatus, nbOut)
                         }))
@@ -183,15 +197,13 @@ export default function(arg : MethodCallArgs, callback)
                 arg.requireErPrivilege(privileges, resource, (e, can) => {
                     if(e)
                     {
-                        propstat.ele('D:status').add(propstatStatus(HTTPCodes.InternalServerError));
-                        callback();
+                        callback(e);
                         return;
                     }
 
                     if(!can)
                     {
-                        propstat.ele('D:status').add(propstatStatus(HTTPCodes.Forbidden));
-                        callback();
+                        callback(Errors.BadAuthentication);
                         return;
                     }