From aa4d1fe816cf035df9b5a92bf35619d51aaa53e5 Mon Sep 17 00:00:00 2001
From: Jean-Philippe Lang
Date: Sat, 17 Apr 2010 12:45:23 +0000
Subject: [PATCH] Fixed: API 401 response does not include WWW-Authenticate header (#5322).
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3679 e93f8b46-1217-0410-a6f0-8f06a7374b81
---
 app/controllers/application_controller.rb | 4 ++--
 test/integration/http_basic_login_test.rb | 23 +++++++++++++++++++++++
 2 files changed, 25 insertions(+), 2 deletions(-)
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index f788c179d..5e2ab7ed9 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -128,8 +128,8 @@ class ApplicationController < ActionController::Base
 respond_to do |format|
 format.html { redirect_to :controller => "account", :action => "login", :back_url => url }
 format.atom { redirect_to :controller => "account", :action => "login", :back_url => url }
- format.xml { head :unauthorized }
- format.json { head :unauthorized }
+ format.xml { head :unauthorized, 'WWW-Authenticate' => 'Basic realm="Redmine API"' }
+ format.json { head :unauthorized, 'WWW-Authenticate' => 'Basic realm="Redmine API"' }
 end
 return false
 end
diff --git a/test/integration/http_basic_login_test.rb b/test/integration/http_basic_login_test.rb
index 7f5c15c7d..9ec69a8c9 100644
--- a/test/integration/http_basic_login_test.rb
+++ b/test/integration/http_basic_login_test.rb
@@ -44,6 +44,18 @@ class HttpBasicLoginTest < ActionController::IntegrationTest
 assert_equal User.anonymous, User.current
 end
 end
+
+ context "without credentials" do
+ setup do
+ get "/projects/onlinestore/news.xml"
+ end
+
+ should_respond_with :unauthorized
+ should_respond_with_content_type :xml
+ should "include_www_authenticate_header" do
+ assert @controller.response.headers.has_key?('WWW-Authenticate')
+ end
+ end
 end
 context "in :json format" do
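Review bot: The challenge string `'Basic realm="Redmine API"'` is written out twice, once in the `format.xml` branch and once in `format.json`, so a later change to the scheme or realm can leave the two formats out of sync; a single constant or small private helper passed to both `head :unauthorized` calls would keep them together. Because this header asks API clients to answer with Basic credentials, which are only base64-encoded, it would help to record the transport assumption next to it, for example `# Basic credentials are reversible base64; the API is expected to be served over TLS`. Nothing in the hunk shows whether transport is enforced elsewhere, so that comment should be confirmed against the deployment guidance. The enclosing method starts and ends outside the hunk.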
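Review bot: The added `should "include_www_authenticate_header"` block only asserts `has_key?('WWW-Authenticate')`, so a response with an empty value, a different scheme or a wrong realm would still pass. Pin the value instead: `assert_equal 'Basic realm="Redmine API"', @controller.response.headers['WWW-Authenticate']`. The same presence-only assertion is repeated in the `:json` context added by the following hunk (`@@ -76,5 +88,16 @@`) and should be tightened there as well. The two new contexts differ only in the request path and content type, so they could share one helper parameterised by format.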
@@ -76,5 +88,16 @@ class HttpBasicLoginTest < ActionController::IntegrationTest
 end
 end
+ context "without credentials" do
+ setup do
+ get "/projects/onlinestore/news.json"
+ end
+
+ should_respond_with :unauthorized
+ should_respond_with_content_type :json
+ should "include_www_authenticate_header" do
+ assert @controller.response.headers.has_key?('WWW-Authenticate')
+ end
+ end
 end
 end