Report missing authenticationHEAD master

Previously, HTTP error 403 was returned if an unauthenticated user attempted to access a file or directory inside /user/. However, this error message confusing because, most often, it was caused by legitimate users with missing or expired HTTP cookies. While the usual workaround was to access /index.html and authenticate, this was too confusing to some users.
author: Xavier Del Campo Romero <xavi92@disroot.org> 2026-06-13 09:38:00 +0200
committer: Xavier Del Campo Romero <xavi92@disroot.org> 2026-06-13 09:38:00 +0200
commit: 30e9bcc492ffa81dabfd316a295ff4d20daaec3b (patch)
tree: d2ff6ebeb843a66497bd6364396f5077cd53ee79
parent: 3db69a5f7fdf2db48d512f60a9afe6b894877dba (diff)
download: slcl-30e9bcc492ffa81dabfd316a295ff4d20daaec3b.tar.gz
3 files changed, 35 insertions, 1 deletions
diff --git a/main.c b/main.c
index 6ad0cf7..ff05fd4 100644
--- a/main.c
+++ b/main.c
@@ -1021,7 +1021,7 @@ static int getnode(const struct http_payload *const p,
     if (auth_cookie(a, &p->cookie))
     {
         fprintf(stderr, "%s: auth_cookie failed\n", __func__);
-        return page_forbidden(r);
+        return page_missing_login(r);
     }
     else if (path_invalid(resource))
     {
diff --git a/page.c b/page.c
index 27c277d..6f4ca17 100644
--- a/page.c
+++ b/page.c
@@ -2051,6 +2051,39 @@ int page_failed_login(struct http_response *const r)
     return 0;
 }
 
+int page_missing_login(struct http_response *const r)
+{
+    static const char index[] =
+        DOCTYPE_TAG
+        "<html>\n"
+        "   <head>\n"
+        "       " COMMON_HEAD "\n"
+        "       " STYLE_A "\n"
+        "   </head>\n"
+        "   <body>\n"
+        "       <div class=\"userform\">\n"
+        "           <label>Please authenticate to continue.</label>\n"
+        "       </div>\n"
+                LOGIN_BODY
+        "   </body>\n"
+        "</html>\n";
+
+    *r = (const struct http_response)
+    {
+        .status = HTTP_STATUS_UNAUTHORIZED,
+        .buf.ro = index,
+        .n = sizeof index - 1
+    };
+
+    if (http_response_add_header(r, "Content-Type", "text/html"))
+    {
+        fprintf(stderr, "%s: http_response_add_header failed\n", __func__);
+        return -1;
+    }
+
+    return 0;
+}
+
 int page_login(struct http_response *const r)
 {
     static const char index[] =
diff --git a/page.h b/page.h
index 8b1e9a0..6ab28ea 100644
--- a/page.h
+++ b/page.h
@@ -40,6 +40,7 @@ struct page_rm
 int page_login(struct http_response *r);
 int page_style(struct http_response *r, const char *path);
 int page_failed_login(struct http_response *r);
+int page_missing_login(struct http_response *r);
 int page_forbidden(struct http_response *r);
 int page_bad_request(struct http_response *r);
 int page_not_found(struct http_response *r);
author	Xavier Del Campo Romero <xavi92@disroot.org>	2026-06-13 09:38:00 +0200
committer	Xavier Del Campo Romero <xavi92@disroot.org>	2026-06-13 09:38:00 +0200
commit	30e9bcc492ffa81dabfd316a295ff4d20daaec3b (patch)
tree	d2ff6ebeb843a66497bd6364396f5077cd53ee79
parent	3db69a5f7fdf2db48d512f60a9afe6b894877dba (diff)
download	slcl-30e9bcc492ffa81dabfd316a295ff4d20daaec3b.tar.gz