
Authentication does not work on `route`

Open Edvinas01 opened this issue 6 years ago • 1 comments

Ktor Version

  • io.ktor:ktor-server-netty:1.2.0
  • io.ktor:ktor-auth:1.2.0

Ktor Engine Used

  • io.ktor:ktor-server-netty:1.2.0

JVM Version, Operating System and Relevant Context

  • openjdk 11.0.3
  • org.jetbrains.kotlin:kotlin-stdlib-jdk8:1.3.31

Feedback

When setting up authentication for nested routes, the authentication provider does not get triggered and instead of returning a 401 it results in 404.

For example given the following routing and authentication setup:

```kotlin
install(Authentication) {
    basic { }
}

install(Routing) {
    authenticate {
        route("/foo") {
            get("/bar") {
            }
        }
    }
}
```

And trying to ping /foo/bar without proper credentials I'll receive 401 which is expected:

```
curl localhost:8080/foo/bar -v
*   Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 8080 (#0)
> GET /foo/bar HTTP/1.1
> Host: localhost:8080
> User-Agent: curl/7.58.0
> Accept: */*
> 
< HTTP/1.1 401 Unauthorized
< WWW-Authenticate: Basic realm="Ktor Server", charset=UTF-8
< Content-Length: 0
< 
* Connection #0 to host localhost left intact
```

However if I ping /foo, I get a 404 instead of 401:

```
curl localhost:8080/foo -v
*   Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 8080 (#0)
> GET /foo HTTP/1.1
> Host: localhost:8080
> User-Agent: curl/7.58.0
> Accept: */*
> 
< HTTP/1.1 404 Not Found
< Content-Length: 0
< 
* Connection #0 to host localhost left intact
```

Since /foo route is encapsulated with authenticate, I'd expect requests to this route to also result in 401.

Edvinas01, May 22 '19 14:05

Please check the following ticket on YouTrack for follow-ups to this issue. GitHub issues will be closed in the coming weeks.

oleg-larshin, Aug 10 '20 15:08