From 3575a2df18a4216cd751cb19143048bdffa144d5 Mon Sep 17 00:00:00 2001
From: Rodrigue Cloutier
Date: Wed, 3 Apr 2013 21:29:04 -0400
Subject: [PATCH] Fixed http_auth when authorization is not provided in header
---
 flask_security/decorators.py | 4 +++-
 tests/functional_tests.py | 7 +++++++
 2 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/flask_security/decorators.py b/flask_security/decorators.py
index 0ea1105..12c80c5 100644
--- a/flask_security/decorators.py
+++ b/flask_security/decorators.py
@@ -67,7 +67,9 @@ def _check_token():
 def _check_http_auth():
- auth = request.authorization or dict(username=None, password=None)
+ from collections import namedtuple
+ Auth = namedtuple('Auth', 'username, password')
+ auth = request.authorization or Auth(username=None, password=None)
 user = _security.datastore.find_user(email=auth.username)
 if user and utils.verify_and_update_password(auth.password, user):
diff --git a/tests/functional_tests.py b/tests/functional_tests.py
index 2438282..20edd2c 100644
--- a/tests/functional_tests.py
+++ b/tests/functional_tests.py
@@ -142,6 +142,13 @@ class DefaultSecurityTests(SecurityTest):
 })
 self.assertIn('HTTP Authentication', r.data)
+ def test_http_auth_no_authorization(self):
+ r = self._get('/http', headers={})
+ self.assertIn('
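Review bot: In the `_check_http_auth` hunk, a request with no Authorization header still reaches `_security.datastore.find_user(email=auth.username)` with `email=None` and then the password check, because the placeholder `Auth(username=None, password=None)` only prevents the attribute error. Returning early is clearer and avoids a datastore lookup on every unauthenticated request: `auth = request.authorization` followed by `if auth is None: return False` (this assumes the function reports failure as False; its body continues past the hunk). How the datastore treats a `None` email filter is not visible here, so the early return also removes any dependence on that. If the placeholder is kept, the `namedtuple` import and the `Auth` type belong at module level rather than being rebuilt on each call.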

Unauthorized

', r.data)
+ self.assertIn('WWW-Authenticate', r.headers)
+ self.assertEquals('Basic realm="Login Required"',
+ r.headers['WWW-Authenticate'])
+
 def test_invalid_http_auth_invalid_username(self):
 r = self._get('/http', headers={
 'Authorization': 'Basic ' + base64.b64encode("bogus:bogus")
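Review bot: The new test `test_http_auth_no_authorization` asserts the response body and the `WWW-Authenticate` header but never the status code, so a response that carries the challenge header with a non-401 status would still pass. Adding `self.assertEqual(401, r.status_code)` pins the behaviour clients depend on (this assumes `_get` returns the test client's response object, as the use of `r.data` and `r.headers` suggests). A companion case with an `Authorization` header that is present but does not parse as Basic credentials would cover the other path on which `request.authorization` may be empty. The enclosing class continues outside the hunk.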