From c7904db30d2cdb5a85788421d7d50a40bdea4999 Mon Sep 17 00:00:00 2001 From: Jimmy Zelinskie Date: Mon, 22 Feb 2016 12:21:22 -0500 Subject: [PATCH] v2: always send www-authn headers on unauthorized Fixes #1254. --- endpoints/v2/__init__.py | 3 +++ test/registry_tests.py | 5 ++++- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/endpoints/v2/__init__.py b/endpoints/v2/__init__.py index 1624b3376..b02b1e541 100644 --- a/endpoints/v2/__init__.py +++ b/endpoints/v2/__init__.py @@ -30,7 +30,10 @@ def handle_registry_v2_exception(error): response = jsonify({ 'errors': [error.as_dict()] }) + response.status_code = error.http_status_code + if response.status_code == 401: + response.headers.extend(get_auth_headers()) logger.debug('sending response: %s', response.get_data()) return response diff --git a/test/registry_tests.py b/test/registry_tests.py index c6315e053..2030012ce 100644 --- a/test/registry_tests.py +++ b/test/registry_tests.py @@ -1319,7 +1319,10 @@ class V2RegistryTests(V2RegistryPullMixin, V2RegistryPushMixin, RegistryTestsMix self.assertEquals(len(data['tags']), 1) # Try to get tags before a repo exists. - self.conduct('GET', '/v2/devtable/doesnotexist/tags/list', auth='jwt', expected_code=401) + response = self.conduct('GET', '/v2/devtable/doesnotexist/tags/list', auth='jwt', expected_code=401) + + # Assert 401s to non-auth endpoints also get the WWW-Authenticate header. + self.assertIn('WWW-Authenticate', response.headers) def test_one_five_blacklist(self): self.conduct('GET', '/v2/', expected_code=404, user_agent='Go 1.1 package http')