fix: login successed but popup `Forbidden` (#437)

diff --git a/assets/index.js b/assets/index.js
index bb3a5dad72bedbde47d9a6b9c7ce367766fd7de1..e515bdc00323dfc52ffe63fbce861f406de4d1b4 100644 (file)
--- a/assets/index.js
+++ b/assets/index.js
@@ -746,7 +746,7 @@ async function saveChange() {
 async function checkAuth() {
   if (!DATA.auth) return;
   const res = await fetch(baseUrl(), {
-    method: "WRITEABLE",
+    method: "AUTH",
   });
   await assertResOK(res);
   document.querySelector(".login-btn").classList.add("hidden");

diff --git a/src/auth.rs b/src/auth.rs
index 3640f6cd7050a5a4b1303b40d90655250d04c1c5..6a58fa9f2c11ee5341300e9316f3dcab187e0f67 100644 (file)
--- a/src/auth.rs
+++ b/src/auth.rs
@@ -429,6 +429,7 @@ fn is_readonly_method(method: &Method) -> bool {
         || method == Method::OPTIONS
         || method == Method::HEAD
         || method.as_str() == "PROPFIND"
+        || method.as_str() == "AUTH"
 }
 
 fn strip_prefix<'a>(search: &'a [u8], prefix: &[u8]) -> Option<&'a [u8]> {

diff --git a/src/server.rs b/src/server.rs
index 414f5786674a1e1cce6e1ea86242cea22b3599c6..d623ad3367ee738e40d4a1664e50595e0e9262bf 100644 (file)
--- a/src/server.rs
+++ b/src/server.rs
@@ -200,7 +200,10 @@ impl Server {
             .map(|(k, v)| (k.to_string(), v.to_string()))
             .collect();
 
-        if method.as_str() == "WRITEABLE" {
+        if method.as_str() == "AUTH" {
+            if user.is_none() {
+                self.auth_reject(&mut res)?;
+            }
             return Ok(res);
         }
 

diff --git a/tests/auth.rs b/tests/auth.rs
index 39e3b6d26d1fe69980f17490386062eda0901464..04a3782fdd1660d21366765f78bb9ff37b513008 100644 (file)
--- a/tests/auth.rs
+++ b/tests/auth.rs
@@ -119,11 +119,11 @@ fn auth_check(
     #[with(&["--auth", "user:pass@/:rw", "--auth", "user2:pass2@/", "-A"])] server: TestServer,
 ) -> Result<(), Error> {
     let url = format!("{}index.html", server.url());
-    let resp = fetch!(b"WRITEABLE", &url).send()?;
+    let resp = fetch!(b"AUTH", &url).send()?;
     assert_eq!(resp.status(), 401);
-    let resp = send_with_digest_auth(fetch!(b"WRITEABLE", &url), "user2", "pass2")?;
-    assert_eq!(resp.status(), 403);
-    let resp = send_with_digest_auth(fetch!(b"WRITEABLE", &url), "user", "pass")?;
+    let resp = send_with_digest_auth(fetch!(b"AUTH", &url), "user", "pass")?;
+    assert_eq!(resp.status(), 200);
+    let resp = send_with_digest_auth(fetch!(b"AUTH", &url), "user2", "pass2")?;
     assert_eq!(resp.status(), 200);
     Ok(())
 }
@@ -133,11 +133,11 @@ fn auth_compact_rules(
     #[with(&["--auth", "user:pass@/:rw|user2:pass2@/", "-A"])] server: TestServer,
 ) -> Result<(), Error> {
     let url = format!("{}index.html", server.url());
-    let resp = fetch!(b"WRITEABLE", &url).send()?;
+    let resp = fetch!(b"AUTH", &url).send()?;
     assert_eq!(resp.status(), 401);
-    let resp = send_with_digest_auth(fetch!(b"WRITEABLE", &url), "user2", "pass2")?;
-    assert_eq!(resp.status(), 403);
-    let resp = send_with_digest_auth(fetch!(b"WRITEABLE", &url), "user", "pass")?;
+    let resp = send_with_digest_auth(fetch!(b"AUTH", &url), "user", "pass")?;
+    assert_eq!(resp.status(), 200);
+    let resp = send_with_digest_auth(fetch!(b"AUTH", &url), "user2", "pass2")?;
     assert_eq!(resp.status(), 200);
     Ok(())
 }