Send "Unauthorized" message body with 401 responses (refs #42)

Garret Alfert
2016-06-02 13:07:19 +02:00
parent 7aaf3f80f7
commit 9a9a9c79e5
2 changed files with 50 additions and 2 deletions


@@ -24,12 +24,14 @@ module RemoteStorage
return true if ["GET", "HEAD"].include?(request_method) && !listing
end
server.halt 401, "Unauthorized" if token.empty?
authorizations = redis.smembers("authorizations:#{user}:#{token}")
permission = directory_permission(authorizations, directory)
server.halt 401 unless permission
server.halt 401, "Unauthorized" unless permission
if ["PUT", "DELETE"].include? request_method
server.halt 401 unless permission == "rw"
server.halt 401, "Unauthorized" unless permission == "rw"
end
end
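Review bot: The `permission == "rw"` check inside the `PUT`/`DELETE` branch still answers 401 for a token that was found in Redis and granted some permission on the directory. That is an authorization failure, not a missing or invalid credential. With the same "Unauthorized" body on all three halts, a client cannot tell "re-authenticate" apart from "this token will never be allowed to write here", and may discard a valid token. If the remoteStorage spec revision this server targets permits it (not visible from this hunk), consider `server.halt 403, "Forbidden" unless permission == "rw"` and keep 401 for the `token.empty?` case and the failed permission lookup. Separately, a 401 is expected to carry a `WWW-Authenticate` header, and none is set in the visible lines; it may be added elsewhere, since the enclosing method starts above the hunk.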