From 5b6653bd7317a9b3a862a0dfbe2e2a43ae636c11 Mon Sep 17 00:00:00 2001
From: Evert Pot <me@evertpot.com>
Date: Sat, 6 Dec 2014 21:20:45 -0500
Subject: [PATCH] Don't overwrite WWW-Authenticate. Fixes #38.

---
 ChangeLog.md        | 4 +++-
 lib/Auth/AWS.php    | 2 +-
 lib/Auth/Basic.php  | 2 +-
 lib/Auth/Digest.php | 2 +-
 4 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/ChangeLog.md b/ChangeLog.md
index 7873d94..aab984a 100644
--- a/ChangeLog.md
+++ b/ChangeLog.md
@@ -5,7 +5,9 @@ ChangeLog
 ------------------
 
 * Hiding `Authorization` header value from `Request::__toString`.
-
+* #38: The Authentication helpers no longer overwrite any existing
+  `WWW-Authenticate` headers, but instead append new headers. This ensures
+  that multiple authentication systems can exist in the same environment.
 
 3.0.2 (2014-10-09)
 ------------------
diff --git a/lib/Auth/AWS.php b/lib/Auth/AWS.php
index d4b8489..8ee21d7 100644
--- a/lib/Auth/AWS.php
+++ b/lib/Auth/AWS.php
@@ -141,7 +141,7 @@ function validate($secretKey) {
      */
     function requireLogin() {
 
-        $this->response->setHeader('WWW-Authenticate','AWS');
+        $this->response->addHeader('WWW-Authenticate','AWS');
         $this->response->setStatus(401);
 
     }
diff --git a/lib/Auth/Basic.php b/lib/Auth/Basic.php
index 72dbee5..97dae17 100644
--- a/lib/Auth/Basic.php
+++ b/lib/Auth/Basic.php
@@ -49,7 +49,7 @@ function getCredentials() {
      */
     function requireLogin() {
 
-        $this->response->setHeader('WWW-Authenticate','Basic realm="' . $this->realm . '"');
+        $this->response->addHeader('WWW-Authenticate','Basic realm="' . $this->realm . '"');
         $this->response->setStatus(401);
 
     }
diff --git a/lib/Auth/Digest.php b/lib/Auth/Digest.php
index 44f7e7d..0ae991b 100644
--- a/lib/Auth/Digest.php
+++ b/lib/Auth/Digest.php
@@ -182,7 +182,7 @@ function requireLogin() {
                 break;
         }
 
-        $this->response->setHeader('WWW-Authenticate','Digest realm="' . $this->realm . '",qop="'.$qop.'",nonce="' . $this->nonce . '",opaque="' . $this->opaque . '"');
+        $this->response->addHeader('WWW-Authenticate','Digest realm="' . $this->realm . '",qop="'.$qop.'",nonce="' . $this->nonce . '",opaque="' . $this->opaque . '"');
         $this->response->setStatus(401);
 
     }