401 if API client is not authenticated

Server should not HTTP-redirect API client to the auth page, error 401 is more suitable.
2014-07-25 19:19:41 +04:00 · 2014-07-25 19:19:41 +04:00 · 9aa9bf9478
commit 9aa9bf9478
parent adc259a8e8
1 changed files with 9 additions and 4 deletions
--- a/yesod-auth/Yesod/Auth.hs
+++ b/yesod-auth/Yesod/Auth.hs
@ -415,18 +415,23 @@ type YesodAuthPersist master =
 type AuthEntity master = KeyEntity (AuthId master)

 -- | Similar to 'maybeAuthId', but redirects to a login page if user is not
-- authenticated.
+-- authenticated or responds with error 401 if this is an API client (expecting JSON).
 --
 -- Since 1.1.0
 requireAuthId :: YesodAuth master => HandlerT master IO (AuthId master)
-requireAuthId = maybeAuthId >>= maybe redirectLogin return
+requireAuthId = maybeAuthId >>= maybe handleAuthLack return

 -- | Similar to 'maybeAuth', but redirects to a login page if user is not
-- authenticated.
+-- authenticated or responds with error 401 if this is an API client (expecting JSON).
 --
 -- Since 1.1.0
 requireAuth :: YesodAuthPersist master => HandlerT master IO (Entity (AuthEntity master))
-requireAuth = maybeAuth >>= maybe redirectLogin return
+requireAuth = maybeAuth >>= maybe handleAuthLack return
+
+handleAuthLack :: Yesod master => HandlerT master IO a
+handleAuthLack = do
+    aj <- acceptsJson
+    if aj then notAuthenticated else redirectLogin

 redirectLogin :: Yesod master => HandlerT master IO a
 redirectLogin = do