From 30e9bcc492ffa81dabfd316a295ff4d20daaec3b Mon Sep 17 00:00:00 2001
From: Xavier Del Campo Romero <xavi92@disroot.org>
Date: Sat, 13 Jun 2026 09:38:00 +0200
Subject: Report missing authentication

Previously, HTTP error 403 was returned if an unauthenticated user
attempted to access a file or directory inside /user/. However, this
error message confusing because, most often, it was caused by legitimate
users with missing or expired HTTP cookies. While the usual workaround
was to access /index.html and authenticate, this was too confusing to
some users.
---
 page.c | 33 +++++++++++++++++++++++++++++++++
 1 file changed, 33 insertions(+)

(limited to 'page.c')

diff --git a/page.c b/page.c
index 27c277d..6f4ca17 100644
--- a/page.c
+++ b/page.c
@@ -2051,6 +2051,39 @@ int page_failed_login(struct http_response *const r)
     return 0;
 }
 
+int page_missing_login(struct http_response *const r)
+{
+    static const char index[] =
+        DOCTYPE_TAG
+        "<html>\n"
+        "   <head>\n"
+        "       " COMMON_HEAD "\n"
+        "       " STYLE_A "\n"
+        "   </head>\n"
+        "   <body>\n"
+        "       <div class=\"userform\">\n"
+        "           <label>Please authenticate to continue.</label>\n"
+        "       </div>\n"
+                LOGIN_BODY
+        "   </body>\n"
+        "</html>\n";
+
+    *r = (const struct http_response)
+    {
+        .status = HTTP_STATUS_UNAUTHORIZED,
+        .buf.ro = index,
+        .n = sizeof index - 1
+    };
+
+    if (http_response_add_header(r, "Content-Type", "text/html"))
+    {
+        fprintf(stderr, "%s: http_response_add_header failed\n", __func__);
+        return -1;
+    }
+
+    return 0;
+}
+
 int page_login(struct http_response *const r)
 {
     static const char index[] =
-- 
cgit v1.2.3