handle auth fails

author: John McLear <john@mclear.co.uk> 2014-11-26 17:34:44 +0000
committer: John McLear <john@mclear.co.uk> 2014-11-26 17:34:44 +0000
commit: 16f3ebb3ba4066ffb2856e378010e5ea6d843b8d (patch)
tree: a769390cc69aa0fffae88f3948069ac1fdb3dac2
parent: 88b3d99fbd8c73fe585c46879a20715a9705fcb7 (diff)
download: etherpad-lite-16f3ebb3ba4066ffb2856e378010e5ea6d843b8d.zip
2 files changed, 4 insertions, 4 deletions
diff --git a/src/node/handler/APIHandler.js b/src/node/handler/APIHandler.js
index 9adc2418..a26dd2cf 100644
--- a/src/node/handler/APIHandler.js
+++ b/src/node/handler/APIHandler.js
@@ -450,6 +450,7 @@ exports.handle = function(apiVersion, functionName, fields, req, res)
 
   if(fields["apikey"] != apikey.trim())
   {
+    res.statusCode = 401;
     res.send({code: 4, message: "no or wrong API Key", data: null});
     return;
   }
diff --git a/tests/backend/specs/api.js b/tests/backend/specs/api.js
index 685714c1..40aa2183 100644
--- a/tests/backend/specs/api.js
+++ b/tests/backend/specs/api.js
@@ -34,10 +34,9 @@ describe('Permission', function(){
   it('errors if can connect without correct APIKey', function(done) {
     // This is broken because Etherpad doesn't handle HTTP codes properly see #2343
     // If your APIKey is password you deserve to fail all tests anyway
-    throw new Error("Erroring anyway just because the API seems broken here");
-    api.get('/api/'+apiVersion+'/createPad&apikey=password&padID=test')
-    .expect('Content-Type', /json/)
-    .expect(200, done)
+    var permErrorURL = '/api/'+apiVersion+'/createPad?apikey=password&padID=test';
+    api.get(permErrorURL)
+    .expect(401, done)
   });
 })
author	John McLear <john@mclear.co.uk>	2014-11-26 17:34:44 +0000
committer	John McLear <john@mclear.co.uk>	2014-11-26 17:34:44 +0000
commit	16f3ebb3ba4066ffb2856e378010e5ea6d843b8d (patch)
tree	a769390cc69aa0fffae88f3948069ac1fdb3dac2
parent	88b3d99fbd8c73fe585c46879a20715a9705fcb7 (diff)
download	etherpad-lite-16f3ebb3ba4066ffb2856e378010e5ea6d843b8d.zip