diff --git a/src/Tgstation.Server.Host/Controllers/ApiController.cs b/src/Tgstation.Server.Host/Controllers/ApiController.cs index 399b28a5b0..deeaa55dc3 100644 --- a/src/Tgstation.Server.Host/Controllers/ApiController.cs +++ b/src/Tgstation.Server.Host/Controllers/ApiController.cs @@ -1,4 +1,4 @@ -using System; +using System; using System.Collections.Generic; using System.Globalization; using System.Linq; @@ -191,6 +191,12 @@ namespace Tgstation.Server.Host.Controllers /// A with an appropriate . protected new NotFoundObjectResult NotFound() => NotFound(new ErrorMessageResponse(ErrorCode.ResourceNeverPresent)); + /// + /// Generic 401 response. + /// + /// An with . + protected new ObjectResult Unauthorized() => this.StatusCode(HttpStatusCode.Unauthorized, null); + /// /// Generic 501 response. /// diff --git a/src/Tgstation.Server.Host/Controllers/HomeController.cs b/src/Tgstation.Server.Host/Controllers/HomeController.cs index afa526ad92..6b1c2ebdf8 100644 --- a/src/Tgstation.Server.Host/Controllers/HomeController.cs +++ b/src/Tgstation.Server.Host/Controllers/HomeController.cs @@ -1,4 +1,4 @@ -using System; +using System; using System.Linq; using System.Net; using System.Threading; @@ -164,6 +164,8 @@ namespace Tgstation.Server.Host.Controllers HeaderNames.Vary, new StringValues(ApiHeaders.ApiVersionHeader)); + // if they tried to authenticate in any form and failed, let them know immediately + bool failIfUnauthed; if (ApiHeaders == null) { if (controlPanelConfiguration.Enable && !Request.Headers.TryGetValue(ApiHeaders.ApiVersionHeader, out _)) @@ -190,7 +192,14 @@ namespace Tgstation.Server.Host.Controllers { return HeadersIssue(ex); } + + failIfUnauthed = Request.Headers.Authorization.Any(); } + else + failIfUnauthed = ApiHeaders.Token != null; + + if (failIfUnauthed && !AuthenticationContext.Valid) + return Unauthorized(); return Json(new ServerInformationResponse { diff --git a/tests/Tgstation.Server.Tests/Live/RawRequestTests.cs b/tests/Tgstation.Server.Tests/Live/RawRequestTests.cs index dae4ff1a34..7dc5d243f7 100644 --- a/tests/Tgstation.Server.Tests/Live/RawRequestTests.cs +++ b/tests/Tgstation.Server.Tests/Live/RawRequestTests.cs @@ -210,6 +210,7 @@ namespace Tgstation.Server.Tests.Live var badClient = clientFactory.CreateFromToken(serverClient.Url, newToken); await ApiAssert.ThrowsException(() => badClient.Administration.Read(cancellationToken)); + await ApiAssert.ThrowsException(() => badClient.ServerInformation(cancellationToken)); } static async Task TestOAuthFails(IServerClient serverClient, CancellationToken cancellationToken)