From 0dbf1b73cb6e1d95adc5cf148108db134ec163ac Mon Sep 17 00:00:00 2001
From: Oliver Gorwits <oliver@cpan.org>
Date: Wed, 6 Oct 2021 09:07:35 +0100
Subject: [PATCH] add a code path for unauthorized XHR

---
 .gitattributes                | 1 +
 lib/App/Netdisco/Web/AuthN.pm | 5 +++++
 2 files changed, 6 insertions(+)

diff --git a/.gitattributes b/.gitattributes
index dfaba790..f69293f5 100644
--- a/.gitattributes
+++ b/.gitattributes
@@ -1,2 +1,3 @@
 share/public/javascripts/*.min.js binary
 share/public/css/*.min.css binary
+share/public/swagger-ui/* binary
diff --git a/lib/App/Netdisco/Web/AuthN.pm b/lib/App/Netdisco/Web/AuthN.pm
index 71fc8d05..cc1803a1 100644
--- a/lib/App/Netdisco/Web/AuthN.pm
+++ b/lib/App/Netdisco/Web/AuthN.pm
@@ -210,6 +210,11 @@ get qr{^/(?:login(?:/denied)?)?} => sub {
         return_url => param('return_url'),
       };
     }
+    elsif (defined request->header('X-Requested-With')
+           and request->header('X-Requested-With') eq 'XMLHttpRequest') {
+      status('unauthorized');
+      return '<div class="span2 alert alert-error"><i class="icon-ban-circle"></i> Error: unauthorized.</div>';
+    }
     else {
       template 'index', {
         return_url => param('return_url')