Ticket Details

HttpAuth doesn't send status code 401

BUG Ticket (closed) 

###What I did:
I used the following code inside an action
{{{
Auth::config(array('user' => array(
	'adapter' => 'Http',
	'users' => array('user' => 'pass'),
	'method' => 'basic'
)));
$user = Auth::check('user', $this->request);
if (!$user) {
	return 'Access Denied';
}
$this->render(array('json' => $user));
}}}

###What happened:
Status code 200 will be sent no matter correct credentials are provided or not. And the browser doesn't ask for username and password.

###What was expected:
Status code 401 should be sent

###More:
We can send a 401 manually using ```$this->response->status(401);``` but I don't how can it be automatically done inside Http auth adapter, because there is no access to response object inside Http adapter.
on 08.22.10 reported by: farhadi owned by: nate

Updates

(invalid) on 09.30.10 by nate
  • owner was changed to nate
  • status was changed to closed
  • resolution was changed to invalid
Actually, that's not how it's intended to work. The adapter only returns true or false, depending on whether authentication was successful. Handling authentication failure is still the responsibility of the user.

Doing otherwise would tightly couple the adapter to the controller, and this isn't something we have a design for as yet.