always return 401 when auth fails

Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
owncloud · Oct 6, 2020 · 64f9db7 · 64f9db7
1 parent 46742f0
commit 64f9db7
Showing 1 changed file with 8 additions and 5 deletions.
diff --git a/proxy/pkg/middleware/account_uuid.go b/proxy/pkg/middleware/account_uuid.go
@@ -93,12 +93,15 @@ func AccountUUID(opts ...Option) func(next http.Handler) http.Handler {
 				if opt.EnableBasicAuth && ok {
 					l.Warn().Msg("basic auth enabled, use only for testing or development")
 					account, status = getAccount(l, opt.AccountsClient, fmt.Sprintf("login eq '%s' and password eq '%s'", strings.ReplaceAll(login, "'", "''"), strings.ReplaceAll(password, "'", "''")))
-					if status != 0 {
-						w.WriteHeader(status)
+					if status == 0 {
+						// fake claims for the subsequent code flow
+						claims = &oidc.StandardClaims{
+							Iss: opt.OIDCIss,
+						}
+					} else {
+						// tell client to reauthenticate
+						w.WriteHeader(http.StatusUnauthorized)
 						return
-					}					// fake claims for the subsequent code flow
-					claims = &oidc.StandardClaims{
-						Iss: opt.OIDCIss,
 					}
 				} else {
 					next.ServeHTTP(w, r)