From e60d70fc01371f2f8ea27596ea91019cdc236994 Mon Sep 17 00:00:00 2001
From: vlad
Date: Mon, 26 Sep 2016 13:27:03 -0700
Subject: 401 rejections for absent permission

---
 src/main/scala/com/drivergrp/core/auth.scala | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

(limited to 'src/main/scala')

diff --git a/src/main/scala/com/drivergrp/core/auth.scala b/src/main/scala/com/drivergrp/core/auth.scala
index e9d4b84..3ffeeeb 100644
--- a/src/main/scala/com/drivergrp/core/auth.scala
+++ b/src/main/scala/com/drivergrp/core/auth.scala
@@ -1,5 +1,8 @@
 package com.drivergrp.core
 
+import akka.http.scaladsl.model.headers.HttpChallenges
+import akka.http.scaladsl.server.AuthenticationFailedRejection.CredentialsRejected
+
 object auth {
 
 sealed trait Permission
@@ -97,7 +100,10 @@ object auth {
 val token = AuthToken(Base64[Macaroon](tokenValue))
 
 if (extractUser(token).roles.exists(_.hasPermission(permission))) provide(token)
- else reject(ValidationRejection(s"User does not have the required permission $permission"))
+ else {
+ val challenge = HttpChallenges.basic(s"User does not have the required permission $permission")
+ reject(AuthenticationFailedRejection(CredentialsRejected, challenge))
+ }
 
 case None =>
 reject(MissingHeaderRejection("WWW-Authenticate"))
--
cgit v1.2.3
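Review bot: The new `else` branch in the second hunk treats a missing permission as an authentication failure: `AuthenticationFailedRejection(CredentialsRejected, challenge)` is rendered by akka-http's default rejection handler as a 401 carrying a `WWW-Authenticate: Basic` challenge, with the error sentence used as the realm. By this point the token has been decoded and `extractUser(token)` has returned a user, so the caller appears to be authenticated and only lacks `permission`; that is an authorization failure, and `else reject(AuthorizationFailedRejection)` would give the conventional 403. A Basic challenge also prompts browsers and HTTP clients to collect and send a username and password, which this token-header directive never reads, so credentials may be sent to the service for no purpose. If 401 is intentional, the realm should be a fixed service name rather than a message that echoes the required permission back to the caller. The enclosing directive starts and ends outside the hunk.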