Diffstat (limited to 'src')
-rw-r--r-- | src/main/scala/com/drivergrp/core/auth.scala | 8 | ||||
-rw-r--r-- | src/test/scala/com/drivergrp/core/AuthTest.scala | 8 |
2 files changed, 13 insertions, 3 deletions
diff --git a/src/main/scala/com/drivergrp/core/auth.scala b/src/main/scala/com/drivergrp/core/auth.scala
index e9d4b84..3ffeeeb 100644
--- a/src/main/scala/com/drivergrp/core/auth.scala
+++ b/src/main/scala/com/drivergrp/core/auth.scala
@@ -1,5 +1,8 @@
 package com.drivergrp.core
+import akka.http.scaladsl.model.headers.HttpChallenges
+import akka.http.scaladsl.server.AuthenticationFailedRejection.CredentialsRejected
+
 object auth {
 sealed trait Permission
@@ -97,7 +100,10 @@ object auth {
 val token = AuthToken(Base64[Macaroon](tokenValue))
 if (extractUser(token).roles.exists(_.hasPermission(permission))) provide(token)
- else reject(ValidationRejection(s"User does not have the required permission $permission"))
+ else {
+ val challenge = HttpChallenges.basic(s"User does not have the required permission $permission")
+ reject(AuthenticationFailedRejection(CredentialsRejected, challenge))
+ }
 case None => reject(MissingHeaderRejection("WWW-Authenticate"))
diff --git a/src/test/scala/com/drivergrp/core/AuthTest.scala b/src/test/scala/com/drivergrp/core/AuthTest.scala
index 0e4841b..992ae83 100644
--- a/src/test/scala/com/drivergrp/core/AuthTest.scala
+++ b/src/test/scala/com/drivergrp/core/AuthTest.scala
@@ -4,7 +4,8 @@ import com.drivergrp.core.auth._
 import akka.http.scaladsl.testkit.ScalatestRouteTest
 import akka.http.scaladsl.server._
 import Directives._
-import akka.http.scaladsl.model.headers.RawHeader
+import akka.http.scaladsl.model.headers.{HttpChallenges, RawHeader}
+import akka.http.scaladsl.server.AuthenticationFailedRejection.CredentialsRejected
 import org.scalatest.mock.MockitoSugar
 import org.scalatest.{FlatSpec, Matchers}
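Review bot: In `auth.scala`, the `else` branch is reached only after a token was supplied and a user was extracted from it, so the failure is a missing permission (authorization), yet the new code rejects with `AuthenticationFailedRejection(CredentialsRejected, challenge)` and a Basic challenge. If Akka HTTP's default rejection handler is in use, that becomes a 401 with `WWW-Authenticate: Basic`, which invites clients and browsers to re-prompt for Basic credentials although the token here is a macaroon, and it sends the required permission name to the caller as the challenge realm. I would use `reject(AuthorizationFailedRejection)` so the caller gets a 403, and log the missing permission server-side rather than returning it; the assertion in the second `AuthTest.scala` hunk would then become `rejections should contain(AuthorizationFailedRejection)`. The enclosing match starts above this hunk, so how `extractUser` validates the token is not visible here.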
@@ -34,7 +35,10 @@ class AuthTest extends FlatSpec with Matchers with MockitoSugar with ScalatestRo
 } ~> check {
 handled shouldBe false
- rejections should contain(ValidationRejection("User does not have the required permission CanAssignRoles", None))
+ rejections should contain(
+ AuthenticationFailedRejection(
+ CredentialsRejected,
+ HttpChallenges.basic("User does not have the required permission CanAssignRoles")))
 }
 } |