Mercurial > dovecot > core-2.2

changeset 19986:7d35ad891361

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
doveadm-http: Fix mismatch in authorization The code advertizes X-Dovecot-API in WWW-Authenticate header, but expects X-Doveadm-API in Authorization header. This change makes it expect X-Dovecot-API.
author Aki Tuomi <aki.tuomi@dovecot.fi>
date Mon, 04 Apr 2016 21:05:44 +0300
parents fdbd96c26d2d
children 926294fdb1af
files src/doveadm/client-connection-http.c
diffstat 1 files changed, 2 insertions(+), 2 deletions(-) [+]
line wrap: on
line diff
--- a/src/doveadm/client-connection-http.c	Tue Apr 05 19:59:18 2016 +0300
+++ b/src/doveadm/client-connection-http.c	Mon Apr 04 21:05:44 2016 +0300
@@ -653,7 +653,7 @@
 			if (strcmp(creds.data, str_c(b64_value)) == 0) auth = TRUE;
 			else i_error("Invalid authentication attempt to HTTP API");
 		}
-		else if (strcasecmp(creds.scheme, "X-Doveadm-API") == 0 && doveadm_settings->doveadm_api_key[0] != '\0') {
+		else if (strcasecmp(creds.scheme, "X-Dovecot-API") == 0 && doveadm_settings->doveadm_api_key[0] != '\0') {
 			string_t *b64_value = str_new(conn->client.pool, 32);
 			base64_encode(doveadm_settings->doveadm_api_key, strlen(doveadm_settings->doveadm_api_key), b64_value);
 			if (strcmp(creds.data, str_c(b64_value)) == 0) auth = TRUE;
@@ -665,7 +665,7 @@
 		conn->http_response = http_server_response_create(conn->http_server_request, 401, "Authentication required");
 		if (doveadm_settings->doveadm_api_key[0] != '\0')
 			http_server_response_add_header(conn->http_response,
-				"WWW-Authenticate", "X-Dovecot-API Realm=\"doveadm\""
+				"WWW-Authenticate", "X-Dovecot-API"
 			);
 		if (*conn->client.set->doveadm_password != '\0')
 			http_server_response_add_header(conn->http_response,