From 291e90afcfc5bacd809bdfc8e600442666c1f1d6 Mon Sep 17 00:00:00 2001
From: Jarrod Johnson <jbjohnso@us.ibm.com>
Date: Fri, 25 Jul 2014 15:40:26 -0400
Subject: [PATCH] Fix 500 instead of 401 on bad HTTP authentication

Code optimistically assumed that authentication would fill out data to
pass to authorization, which does not get filled out if authentication fails.
---
 confluent_server/confluent/httpapi.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/confluent_server/confluent/httpapi.py b/confluent_server/confluent/httpapi.py
index 7deaee0b..c54d1aa4 100644
--- a/confluent_server/confluent/httpapi.py
+++ b/confluent_server/confluent/httpapi.py
@@ -167,6 +167,8 @@ def _authorize_request(env, operation):
         name, passphrase = base64.b64decode(
             env['HTTP_AUTHORIZATION'].replace('Basic ', '')).split(':', 1)
         authdata = auth.check_user_passphrase(name, passphrase, element=None)
+        if not authdata:
+            return {'code': 401}
         sessid = util.randomstring(32)
         while sessid in httpsessions:
             sessid = util.randomstring(32)