better error message when publishing with bad auth header

2024-12-16 21:56:25 -05:00 · 2013-12-16 00:38:16 +04:00 · 2013-12-16 00:38:16 +04:00 · 3abce5e2b6
commit 3abce5e2b6
parent ef61515f28
2 changed files with 8 additions and 1 deletions
--- a/lib/index.js
+++ b/lib/index.js
@ -22,9 +22,14 @@ module.exports = function(config_hash) {
 				next()
 			} else {
 				if (!req.remoteUser) {
+					if (req.remoteUserError) {
+						var msg = "can't "+action+" restricted package, " + req.remoteUserError
+					} else {
+						var msg = "can't "+action+" restricted package without auth, did you forget 'npm set always-auth true'?"
+					}
 					next(new UError({
 						status: 403,
-						msg: "can't "+action+" restricted package without auth, did you forget 'npm set always-auth true'?",
+						msg: msg,
 					}))
 				} else {
 					next(new UError({
--- a/lib/middleware.js
+++ b/lib/middleware.js
@ -44,6 +44,8 @@ module.exports.basic_auth = function basic_auth(callback) {
 			//return _next.apply(null, arguments)
 			
 			// swallow error, user remains unauthorized
+			// set remoteUserError to indicate that user was attempting authentication
+			if (err) req.remoteUserError = err.msg
 			return _next()
 		}