Returns the proper response body based on the rquest for 401.

2010-02-18 19:38:13 +01:00 · 2010-02-18 19:38:13 +01:00 · 3ac399f2ff
parent 889803151d
commit 3ac399f2ff
2 changed files with 8 additions and 1 deletions
--- a/lib/devise/strategies/http_authenticatable.rb
+++ b/lib/devise/strategies/http_authenticatable.rb
@ -14,7 +14,7 @@ module Devise
        if resource = mapping.to.authenticate_with_http(username, password)
          success!(resource)
        else
-          custom!([401, custom_headers, ["HTTP Basic: Access denied.\n"]])
+          custom!([401, custom_headers, [response_body]])
        end
      end

@ -28,6 +28,12 @@ module Devise
        ActiveSupport::Base64.decode64(request.authorization.split(' ', 2).last || '')
      end

+      def response_body
+        body   = "HTTP Basic: Access denied."
+        method = :"to_#{request.format.to_sym}"
+        {}.respond_to?(method) ? { :error => body }.send(method) : body
+      end
+
      def custom_headers
        {
          "Content-Type" => request.format.to_s,
--- a/test/integration/http_authenticatable_test.rb
+++ b/test/integration/http_authenticatable_test.rb
@ -20,6 +20,7 @@ class HttpAuthenticationTest < ActionController::IntegrationTest
    sign_in_as_new_user_with_http("unknown", "123456", :xml)
    assert_equal 401, status
    assert_equal "application/xml", headers["Content-Type"]
+    assert response.body.include?("<error>HTTP Basic: Access denied.</error>")
  end

  test 'returns a custom response with www-authenticate and chosen realm' do