From 5883e52e4c83778966456558b2dd8b26ff6ccd88 Mon Sep 17 00:00:00 2001
From: duddo
Date: Wed, 21 Apr 2021 16:01:50 +0200
Subject: [PATCH] Always add WWW-Authenticate header (#515)
* always add WWWAuthenticate header
* splitted tests methods
Co-authored-by: Davide
---
 .../BasicAuthenticationModuleBase.cs | 4 ++--
 .../BasicAuthenticationModuleTest.cs | 23 +++++++++++++++++++
 2 files changed, 25 insertions(+), 2 deletions(-)
diff --git a/src/EmbedIO/Authentication/BasicAuthenticationModuleBase.cs b/src/EmbedIO/Authentication/BasicAuthenticationModuleBase.cs
index fc9a20dae..e618c9a89 100644
--- a/src/EmbedIO/Authentication/BasicAuthenticationModuleBase.cs
+++ b/src/EmbedIO/Authentication/BasicAuthenticationModuleBase.cs
@@ -56,10 +56,10 @@ async Task IsAuthenticatedAsync()
 }
 }
+ context.Response.Headers.Set(HttpHeaderNames.WWWAuthenticate, _wwwAuthenticateHeaderValue);
+
 if (!await IsAuthenticatedAsync().ConfigureAwait(false))
 throw HttpException.Unauthorized();
-
- context.Response.Headers.Set(HttpHeaderNames.WWWAuthenticate, _wwwAuthenticateHeaderValue);
 }
 ///
diff --git a/test/EmbedIO.Tests/BasicAuthenticationModuleTest.cs b/test/EmbedIO.Tests/BasicAuthenticationModuleTest.cs
index f2ab70559..9e9234d4a 100644
--- a/test/EmbedIO.Tests/BasicAuthenticationModuleTest.cs
+++ b/test/EmbedIO.Tests/BasicAuthenticationModuleTest.cs
@@ -32,6 +32,13 @@ public async Task RequestWithValidCredentials_ReturnsOK()
 Assert.AreEqual(HttpStatusCode.OK, response.StatusCode, "Status Code OK");
 }
+ [Test]
+ public async Task RequestWithValidCredentials_ReturnsValidWWWAuthenticateHeader()
+ {
+ var response = await MakeRequest(UserName, Password).ConfigureAwait(false);
+ Assert.AreEqual("Basic realm=\"/\" charset=UTF-8", response.Headers.WwwAuthenticate.ToString());
+ }
+
 [Test]
 public async Task RequestWithInvalidCredentials_ReturnsUnauthorized()
 {
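Review bot: The order of the `Headers.Set` call and the authentication check is now load-bearing, but nothing in the code says so: the challenge has to be on the response before `throw HttpException.Unauthorized()` runs, otherwise the 401 goes out without WWW-Authenticate, which is the state this commit fixes. A one-line comment above the call would keep a later cleanup from moving it back below the check, e.g. `// Set before the check: the 401 path throws, and the challenge must already be on the response.` This presumably also relies on the exception handling further up leaving already-set response headers in place; the new tests cover that, and the comment could mention it. The enclosing method starts outside the hunk.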
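Review bot: The expected value asserted in `RequestWithValidCredentials_ReturnsValidWWWAuthenticateHeader`, `Basic realm="/" charset=UTF-8`, has no comma between `realm` and `charset`, so the new tests pin a challenge that does not follow the comma-separated auth-param syntax of RFC 7235 / RFC 7617. The header value is built outside this diff, so this may be a known quirk, but a strict client could fail to parse the `charset` parameter; the conforming form would be `Basic realm="/", charset=UTF-8`. The same literal is asserted again in the hunks at -41 and -48, so holding it in one constant in the test class would keep the three assertions in step if the value is corrected.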
@@ -41,6 +48,15 @@ public async Task RequestWithInvalidCredentials_ReturnsUnauthorized()
 Assert.AreEqual(HttpStatusCode.Unauthorized, response.StatusCode, "Status Code Unauthorized");
 }
+ [Test]
+ public async Task RequestWithInvalidCredentials_ReturnsValidWWWAuthenticateHeader()
+ {
+ const string wrongPassword = "wrongpaassword";
+
+ var response = await MakeRequest(UserName, wrongPassword).ConfigureAwait(false);
+ Assert.AreEqual("Basic realm=\"/\" charset=UTF-8", response.Headers.WwwAuthenticate.ToString());
+ }
+
 [Test]
 public async Task RequestWithNoAuthorizationHeader_ReturnsUnauthorized()
 {
@@ -48,6 +64,13 @@ public async Task RequestWithNoAuthorizationHeader_ReturnsUnauthorized()
 Assert.AreEqual(HttpStatusCode.Unauthorized, response.StatusCode, "Status Code Unauthorized");
 }
+ [Test]
+ public async Task RequestWithNoAuthorizationHeader_ReturnsValidWWWAuthenticateHeader()
+ {
+ var response = await MakeRequest(null, null).ConfigureAwait(false);
+ Assert.AreEqual("Basic realm=\"/\" charset=UTF-8", response.Headers.WwwAuthenticate.ToString());
+ }
+
 private Task MakeRequest(string? userName, string? password)
 {
 var request = new HttpRequestMessage(HttpMethod.Get, WebServerUrl);