mirror of
https://github.com/tgstation/tgstation-server.git
synced 2026-07-18 03:23:07 +01:00
GET / with an Authorization header should fail if it's not valid
This commit is contained in:
@@ -1,4 +1,4 @@
|
||||
using System;
|
||||
using System;
|
||||
using System.Collections.Generic;
|
||||
using System.Globalization;
|
||||
using System.Linq;
|
||||
@@ -191,6 +191,12 @@ namespace Tgstation.Server.Host.Controllers
|
||||
/// <returns>A <see cref="NotFoundObjectResult"/> with an appropriate <see cref="ErrorMessageResponse"/>.</returns>
|
||||
protected new NotFoundObjectResult NotFound() => NotFound(new ErrorMessageResponse(ErrorCode.ResourceNeverPresent));
|
||||
|
||||
/// <summary>
|
||||
/// Generic 401 response.
|
||||
/// </summary>
|
||||
/// <returns>An <see cref="ObjectResult"/> with <see cref="HttpStatusCode.NotFound"/>.</returns>
|
||||
protected new ObjectResult Unauthorized() => this.StatusCode(HttpStatusCode.Unauthorized, null);
|
||||
|
||||
/// <summary>
|
||||
/// Generic 501 response.
|
||||
/// </summary>
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
using System;
|
||||
using System;
|
||||
using System.Linq;
|
||||
using System.Net;
|
||||
using System.Threading;
|
||||
@@ -164,6 +164,8 @@ namespace Tgstation.Server.Host.Controllers
|
||||
HeaderNames.Vary,
|
||||
new StringValues(ApiHeaders.ApiVersionHeader));
|
||||
|
||||
// if they tried to authenticate in any form and failed, let them know immediately
|
||||
bool failIfUnauthed;
|
||||
if (ApiHeaders == null)
|
||||
{
|
||||
if (controlPanelConfiguration.Enable && !Request.Headers.TryGetValue(ApiHeaders.ApiVersionHeader, out _))
|
||||
@@ -190,7 +192,14 @@ namespace Tgstation.Server.Host.Controllers
|
||||
{
|
||||
return HeadersIssue(ex);
|
||||
}
|
||||
|
||||
failIfUnauthed = Request.Headers.Authorization.Any();
|
||||
}
|
||||
else
|
||||
failIfUnauthed = ApiHeaders.Token != null;
|
||||
|
||||
if (failIfUnauthed && !AuthenticationContext.Valid)
|
||||
return Unauthorized();
|
||||
|
||||
return Json(new ServerInformationResponse
|
||||
{
|
||||
|
||||
@@ -210,6 +210,7 @@ namespace Tgstation.Server.Tests.Live
|
||||
|
||||
var badClient = clientFactory.CreateFromToken(serverClient.Url, newToken);
|
||||
await ApiAssert.ThrowsException<UnauthorizedException, AdministrationResponse>(() => badClient.Administration.Read(cancellationToken));
|
||||
await ApiAssert.ThrowsException<UnauthorizedException, ServerInformationResponse>(() => badClient.ServerInformation(cancellationToken));
|
||||
}
|
||||
|
||||
static async Task TestOAuthFails(IServerClient serverClient, CancellationToken cancellationToken)
|
||||
|
||||
Reference in New Issue
Block a user