auth: Fixed regression introduced with a4d187f

Tested with:

(shell1) host1$ devcam server -all
(shell2) host1$  curl -i http://localhost:3179/ui/
HTTP/1.1 200 OK
...

(shell1) host2$  wget -qS http://sagan:3179/ui/ -O -
  HTTP/1.1 401 Unauthorized
  Www-Authenticate: Basic realm="Any username, password is: pass3179"
  Content-Type: text/html; charset=utf-8
  Content-Length: 33
  Date: Wed, 21 Aug 2013 03:07:50 GMT

(shell1) host2$ wget -qS http://user:pass3179@sagan:3179/ui/ -O -
  HTTP/1.1 401 Unauthorized
  Www-Authenticate: Basic realm="Any username, password is: pass3179"
  Content-Type: text/html; charset=utf-8
  Content-Length: 33
  Date: Wed, 21 Aug 2013 03:06:54 GMT
  HTTP/1.1 200 OK
  Accept-Ranges: bytes
  Content-Length: 1213
  Content-Type: text/html; charset=utf-8
  Last-Modified: Thu, 04 Jul 2013 02:08:28 GMT
  Vary: Accept
  Date: Wed, 21 Aug 2013 03:06:54 GMT
<!doctype html>
...

This should resolve https://code.google.com/p/camlistore/issues/detail?id=204

Change-Id: I68ef2a0d93df56172033c2cbac4170e54d6452be

pkg/auth/auth.go

@@ -204,15 +204,14 @@ type UserPass struct {
 
 func (up *UserPass) AllowedAccess(req *http.Request) Operation {
 	user, pass, err := basicAuth(req)
-	if err != nil {
-		return 0
-	}
-	if user == up.Username {
-		if pass == up.Password {
-			return OpAll
-		}
-		if pass == up.VivifyPass {
-			return OpVivify
+	if err == nil {
+		if user == up.Username {
+			if pass == up.Password {
+				return OpAll
+			}
+			if pass == up.VivifyPass {
+				return OpVivify
+			}
 		}
 	}
 
@@ -258,14 +257,13 @@ type DevAuth struct {
 
 func (da *DevAuth) AllowedAccess(req *http.Request) Operation {
 	_, pass, err := basicAuth(req)
-	if err != nil {
-		return 0
-	}
-	if pass == da.Password {
-		return OpAll
-	}
-	if pass == da.VivifyPass {
-		return OpVivify
+	if err == nil {
+		if pass == da.Password {
+			return OpAll
+		}
+		if pass == da.VivifyPass {
+			return OpVivify
+		}
 	}
 
 	// See if the local TCP port is owned by the same non-root user as this