HTTP Basic Auth UnauthorizedHttpException not displaying login prompt

[ejunker]

• Laravel Version: 5.5.0
• PHP Version: 7.1.4
• Database Driver & Version: mysql 5.6.35

Description:

I have a middleware that calls onceBasic() to add password protection to a route. Prior to upgrading to 5.5 when I hit the route it would cause the browser to display the username/password dialog for HTTP Basic authentication. Now after upgrading to 5.5 I get a Symfony\Component\HttpKernel\Exception\UnauthorizedHttpException and the Symfony exception handler renders an error page showing the exception. I believe this is related to this commit 37fb414 it is throwing an exception instead of a response and it looks like the exception is rendered by the exception handler instead of sending a 401 with the WWW-Authenticate: Basic header.

Steps To Reproduce:

[freekmurze]

I can confirm that basic auth is indeed broken as described above.

failedBasicResponse should return this:

 return new \Illuminate\Http\Response('Invalid credentials.', 401, ['WWW-Authenticate' => 'Basic']);

@ejunker Though I'm pretty sure this will be fixed at the framework level soon, you can fix this in your app by catching UnauthorizedHttpException in the exception handler. Here's an example from my app.

[DCzajkowski]

No worries! I found the solution. PR in about 5 minutes

[ethernidee]

By unknown reason the code is the same again:

/**
 * Get the response for basic authentication.
 *
 * @return void
 *
 * @throws \Symfony\Component\HttpKernel\Exception\UnauthorizedHttpException
 */
protected function failedBasicResponse()
{
    throw new UnauthorizedHttpException('Basic', 'Invalid credentials.');
}