# HG changeset patch
# User Aki Tuomi <aki.tuomi@dovecot.fi>
# Date 1459793144 -10800
# Node ID 7d35ad891361e1e1c6dd64168892028903a1f2d7
# Parent  fdbd96c26d2d8def9eda3a37742bc48fed7866f6
doveadm-http: Fix mismatch in authorization

The code advertizes X-Dovecot-API in WWW-Authenticate header, but
expects X-Doveadm-API in Authorization header. This change makes
it expect X-Dovecot-API.

diff -r fdbd96c26d2d -r 7d35ad891361 src/doveadm/client-connection-http.c
--- a/src/doveadm/client-connection-http.c	Tue Apr 05 19:59:18 2016 +0300
+++ b/src/doveadm/client-connection-http.c	Mon Apr 04 21:05:44 2016 +0300
@@ -653,7 +653,7 @@
 			if (strcmp(creds.data, str_c(b64_value)) == 0) auth = TRUE;
 			else i_error("Invalid authentication attempt to HTTP API");
 		}
-		else if (strcasecmp(creds.scheme, "X-Doveadm-API") == 0 && doveadm_settings->doveadm_api_key[0] != '\0') {
+		else if (strcasecmp(creds.scheme, "X-Dovecot-API") == 0 && doveadm_settings->doveadm_api_key[0] != '\0') {
 			string_t *b64_value = str_new(conn->client.pool, 32);
 			base64_encode(doveadm_settings->doveadm_api_key, strlen(doveadm_settings->doveadm_api_key), b64_value);
 			if (strcmp(creds.data, str_c(b64_value)) == 0) auth = TRUE;
@@ -665,7 +665,7 @@
 		conn->http_response = http_server_response_create(conn->http_server_request, 401, "Authentication required");
 		if (doveadm_settings->doveadm_api_key[0] != '\0')
 			http_server_response_add_header(conn->http_response,
-				"WWW-Authenticate", "X-Dovecot-API Realm=\"doveadm\""
+				"WWW-Authenticate", "X-Dovecot-API"
 			);
 		if (*conn->client.set->doveadm_password != '\0')
 			http_server_response_add_header(conn->http_response,