Always add WWW-Authenticate header (#515)

* always add WWWAuthenticate header * splitted tests methods Co-authored-by: Davide <[email protected]>
unosquare · Apr 21, 2021 · 5883e52 · 5883e52
1 parent ec28b59
commit 5883e52
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 2 deletions.
diff --git a/src/EmbedIO/Authentication/BasicAuthenticationModuleBase.cs b/src/EmbedIO/Authentication/BasicAuthenticationModuleBase.cs
@@ -56,10 +56,10 @@ async Task<bool> IsAuthenticatedAsync()
                 }
             }
 
+            context.Response.Headers.Set(HttpHeaderNames.WWWAuthenticate, _wwwAuthenticateHeaderValue);
+
             if (!await IsAuthenticatedAsync().ConfigureAwait(false))
                 throw HttpException.Unauthorized();
-
-            context.Response.Headers.Set(HttpHeaderNames.WWWAuthenticate, _wwwAuthenticateHeaderValue);
         }
 
         /// <summary>

diff --git a/test/EmbedIO.Tests/BasicAuthenticationModuleTest.cs b/test/EmbedIO.Tests/BasicAuthenticationModuleTest.cs
@@ -32,6 +32,13 @@ public async Task RequestWithValidCredentials_ReturnsOK()
             Assert.AreEqual(HttpStatusCode.OK, response.StatusCode, "Status Code OK");
         }
 
+        [Test]
+        public async Task RequestWithValidCredentials_ReturnsValidWWWAuthenticateHeader()
+        {
+            var response = await MakeRequest(UserName, Password).ConfigureAwait(false);
+            Assert.AreEqual("Basic realm=\"/\" charset=UTF-8", response.Headers.WwwAuthenticate.ToString());
+        }
+
         [Test]
         public async Task RequestWithInvalidCredentials_ReturnsUnauthorized()
         {
@@ -41,13 +48,29 @@ public async Task RequestWithInvalidCredentials_ReturnsUnauthorized()
             Assert.AreEqual(HttpStatusCode.Unauthorized, response.StatusCode, "Status Code Unauthorized");
         }
 
+        [Test]
+        public async Task RequestWithInvalidCredentials_ReturnsValidWWWAuthenticateHeader()
+        {
+            const string wrongPassword = "wrongpaassword";
+
+            var response = await MakeRequest(UserName, wrongPassword).ConfigureAwait(false);
+            Assert.AreEqual("Basic realm=\"/\" charset=UTF-8", response.Headers.WwwAuthenticate.ToString());
+        }
+
         [Test]
         public async Task RequestWithNoAuthorizationHeader_ReturnsUnauthorized()
         {
             var response = await MakeRequest(null, null).ConfigureAwait(false);
             Assert.AreEqual(HttpStatusCode.Unauthorized, response.StatusCode, "Status Code Unauthorized");
         }
 
+        [Test]
+        public async Task RequestWithNoAuthorizationHeader_ReturnsValidWWWAuthenticateHeader()
+        {
+            var response = await MakeRequest(null, null).ConfigureAwait(false);
+            Assert.AreEqual("Basic realm=\"/\" charset=UTF-8", response.Headers.WwwAuthenticate.ToString());
+        }
+
         private Task<HttpResponseMessage> MakeRequest(string? userName, string? password)
         {
             var request = new HttpRequestMessage(HttpMethod.Get, WebServerUrl);