Mercurial > dovecot > core-2.2
changeset 19986:7d35ad891361
doveadm-http: Fix mismatch in authorization
The code advertizes X-Dovecot-API in WWW-Authenticate header, but
expects X-Doveadm-API in Authorization header. This change makes
it expect X-Dovecot-API.
author | Aki Tuomi <aki.tuomi@dovecot.fi> |
---|---|
date | Mon, 04 Apr 2016 21:05:44 +0300 |
parents | fdbd96c26d2d |
children | 926294fdb1af |
files | src/doveadm/client-connection-http.c |
diffstat | 1 files changed, 2 insertions(+), 2 deletions(-) [+] |
line wrap: on
line diff
--- a/src/doveadm/client-connection-http.c Tue Apr 05 19:59:18 2016 +0300 +++ b/src/doveadm/client-connection-http.c Mon Apr 04 21:05:44 2016 +0300 @@ -653,7 +653,7 @@ if (strcmp(creds.data, str_c(b64_value)) == 0) auth = TRUE; else i_error("Invalid authentication attempt to HTTP API"); } - else if (strcasecmp(creds.scheme, "X-Doveadm-API") == 0 && doveadm_settings->doveadm_api_key[0] != '\0') { + else if (strcasecmp(creds.scheme, "X-Dovecot-API") == 0 && doveadm_settings->doveadm_api_key[0] != '\0') { string_t *b64_value = str_new(conn->client.pool, 32); base64_encode(doveadm_settings->doveadm_api_key, strlen(doveadm_settings->doveadm_api_key), b64_value); if (strcmp(creds.data, str_c(b64_value)) == 0) auth = TRUE; @@ -665,7 +665,7 @@ conn->http_response = http_server_response_create(conn->http_server_request, 401, "Authentication required"); if (doveadm_settings->doveadm_api_key[0] != '\0') http_server_response_add_header(conn->http_response, - "WWW-Authenticate", "X-Dovecot-API Realm=\"doveadm\"" + "WWW-Authenticate", "X-Dovecot-API" ); if (*conn->client.set->doveadm_password != '\0') http_server_response_add_header(conn->http_response,