diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index f788c179..5e2ab7ed 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -128,8 +128,8 @@ class ApplicationController < ActionController::Base
 respond_to do |format|
 format.html { redirect_to :controller => "account", :action => "login", :back_url => url }
 format.atom { redirect_to :controller => "account", :action => "login", :back_url => url }
- format.xml { head :unauthorized }
- format.json { head :unauthorized }
+ format.xml { head :unauthorized, 'WWW-Authenticate' => 'Basic realm="Redmine API"' }
+ format.json { head :unauthorized, 'WWW-Authenticate' => 'Basic realm="Redmine API"' }
 end
 return false
 end
diff --git a/test/integration/http_basic_login_test.rb b/test/integration/http_basic_login_test.rb
index 7f5c15c7..9ec69a8c 100644
--- a/test/integration/http_basic_login_test.rb
+++ b/test/integration/http_basic_login_test.rb
@@ -44,6 +44,18 @@ class HttpBasicLoginTest < ActionController::IntegrationTest
 assert_equal User.anonymous, User.current
 end
 end
+
+ context "without credentials" do
+ setup do
+ get "/projects/onlinestore/news.xml"
+ end
+
+ should_respond_with :unauthorized
+ should_respond_with_content_type :xml
+ should "include_www_authenticate_header" do
+ assert @controller.response.headers.has_key?('WWW-Authenticate')
+ end
+ end
 end
 context "in :json format" do
@@ -76,5 +88,16 @@ class HttpBasicLoginTest < ActionController::IntegrationTest
 end
 end
+ context "without credentials" do
+ setup do
+ get "/projects/onlinestore/news.json"
+ end
+
+ should_respond_with :unauthorized
+ should_respond_with_content_type :json
+ should "include_www_authenticate_header" do
+ assert @controller.response.headers.has_key?('WWW-Authenticate')
+ end
+ end
 end
 end
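Review bot: In the `@@ -128,8 +128,8 @@` hunk of application_controller.rb, the Basic challenge on the new `format.xml` and `format.json` lines goes to every unauthenticated caller of those formats, so a browser page that requests a `.json` URL after its session expired gets the native credential prompt, and whatever is typed there is cached and replayed by the browser for the whole origin. I would send the header only to non-browser API clients, e.g. `format.json { request.xhr? ? head(:unauthorized) : head(:unauthorized, 'WWW-Authenticate' => 'Basic realm="Redmine API"') }`, and add a comment such as `# Basic credentials are only base64-encoded; the API must be served over TLS`. The realm string is repeated on both lines and could be a single constant. The enclosing method begins above the hunk, so whether an earlier branch already handles XHR requests is not visible here.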
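Review bot: The `include_www_authenticate_header` test added in the `@@ -44,6 +44,18 @@` hunk of http_basic_login_test.rb (and its `.json` twin in `@@ -76,5 +88,16 @@`) only checks that the header key is present, so an empty value or a different scheme would still pass. Asserting the value pins the challenge that API clients depend on: `assert_equal 'Basic realm="Redmine API"', @controller.response.headers['WWW-Authenticate']`. A companion case asserting that an HTML request without credentials is redirected and carries no `WWW-Authenticate` header would guard against the challenge leaking into the browser login flow. The enclosing `context` blocks open outside both hunks.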