From 494d57cb4a8c204e0fbb963a12ac6d1afd3e2885 Mon Sep 17 00:00:00 2001
From: Julien Danjou <julien@danjou.info>
Date: Thu, 23 Jun 2011 17:36:49 +0200
Subject: [PATCH] Use auth.SendUnauthorized() to really request auth

Local function sendUnauthorized does not send all the header like
WWW-Authenticate, therefore browser do not propose a popup.
auth.SendUnauthorized is more complete in this regard.

Change-Id: Icef0a41394883e9606cab2557482bfa5b7b995ec
Signed-off-by: Julien Danjou <julien@danjou.info>
---
 lib/go/camli/blobserver/handlers/get.go | 23 +++++++++--------------
 1 file changed, 9 insertions(+), 14 deletions(-)

diff --git a/lib/go/camli/blobserver/handlers/get.go b/lib/go/camli/blobserver/handlers/get.go
index b5b6b9357..3634a9c9d 100644
--- a/lib/go/camli/blobserver/handlers/get.go
+++ b/lib/go/camli/blobserver/handlers/get.go
@@ -58,11 +58,6 @@ func CreateGetHandler(fetcher blobref.StreamingFetcher) func(http.ResponseWriter
 const fetchFailureDelayNs = 200e6 // 200 ms
 const maxJsonSize = 64 * 1024     // should be enough for everyone
 
-func sendUnauthorized(conn http.ResponseWriter) {
-	conn.WriteHeader(http.StatusUnauthorized)
-	fmt.Fprintf(conn, "<h1>Unauthorized</h1>")
-}
-
 func (h *GetHandler) ServeHTTP(conn http.ResponseWriter, req *http.Request) {
 	blobRef := blobFromUrlPath(req.URL.Path)
 	if blobRef == nil {
@@ -75,7 +70,7 @@ func (h *GetHandler) ServeHTTP(conn http.ResponseWriter, req *http.Request) {
 		serveBlobRef(conn, req, blobRef, h.Fetcher)
 	case auth.TriedAuthorization(req):
 		log.Printf("Attempted authorization failed on %s", req.URL)
-		sendUnauthorized(conn)
+		auth.SendUnauthorized(conn)
 	default:
 		handleGetViaSharing(conn, req, blobRef, h.Fetcher)
 	}
@@ -221,31 +216,31 @@ blobRef *blobref.BlobRef, fetcher blobref.StreamingFetcher) {
 			file, size, err := fetcher.FetchStreaming(br)
 			if err != nil {
 				log.Printf("Fetch chain 0 of %s failed: %v", br.String(), err)
-				sendUnauthorized(conn)
+				auth.SendUnauthorized(conn)
 				return
 			}
 			defer file.Close()
 			if size > maxJsonSize {
 				log.Printf("Fetch chain 0 of %s too large", br.String())
-				sendUnauthorized(conn)
+				auth.SendUnauthorized(conn)
 				return
 			}
 			jd := json.NewDecoder(file)
 			m := make(map[string]interface{})
 			if err := jd.Decode(&m); err != nil {
 				log.Printf("Fetch chain 0 of %s wasn't JSON: %v", br.String(), err)
-				sendUnauthorized(conn)
+				auth.SendUnauthorized(conn)
 				return
 			}
 			if m["camliType"].(string) != "share" {
 				log.Printf("Fetch chain 0 of %s wasn't a share", br.String())
-				sendUnauthorized(conn)
+				auth.SendUnauthorized(conn)
 				return
 			}
 			if len(fetchChain) > 1 && fetchChain[1].String() != m["target"].(string) {
 				log.Printf("Fetch chain 0->1 (%s -> %q) unauthorized, expected hop to %q",
 					br.String(), fetchChain[1].String(), m["target"])
-				sendUnauthorized(conn)
+				auth.SendUnauthorized(conn)
 				return
 			}
 		case len(fetchChain) - 1:
@@ -256,7 +251,7 @@ blobRef *blobref.BlobRef, fetcher blobref.StreamingFetcher) {
 			file, _, err := fetcher.FetchStreaming(br)
 			if err != nil {
 				log.Printf("Fetch chain %d of %s failed: %v", i, br.String(), err)
-				sendUnauthorized(conn)
+				auth.SendUnauthorized(conn)
 				return
 			}
 			defer file.Close()
@@ -264,14 +259,14 @@ blobRef *blobref.BlobRef, fetcher blobref.StreamingFetcher) {
 			slurpBytes, err := ioutil.ReadAll(lr)
 			if err != nil {
 				log.Printf("Fetch chain %d of %s failed in slurp: %v", i, br.String(), err)
-				sendUnauthorized(conn)
+				auth.SendUnauthorized(conn)
 				return
 			}
 			saught := fetchChain[i+1].String()
 			if bytes.IndexAny(slurpBytes, saught) == -1 {
 				log.Printf("Fetch chain %d of %s failed; no reference to %s",
 					i, br.String(), saught)
-				sendUnauthorized(conn)
+				auth.SendUnauthorized(conn)
 				return
 			}
 		}