Services Basic Authentication doesn't secure REST Server endpoints

It's Work!! Thank you so much!! :)

My user/register functionality stopped working after this patch, I'll look into this tomorrow.

I get the following now when user/register is called: (Unauthorized : No credentials were supplied in the request.)

My call from an AngularJS app is the following:

     $http({
          method: 'POST',
          url: config.endpoint + '/api/user/register',
          dataType: 'json',
          data: {
            'mail': email,
            'pass': password,
            'status': 1,
          },
        })
          .success(function (data, status, headers, config) {
            deferred.resolve(data);
            $ionicLoading.hide();

          })
          .error(function (data, status, headers, config) {
            deferred.reject(data);
            $ionicLoading.hide();
          });

        return deferred.promise;
      },

@klaatuveratanecto - this happens by design.

This module only provides authentication on behalf of services module, it does not deal with request authorization. It will not block requests, that is up to services and Drupal's permission system.

If an anonymous user has permission to access the data displayed in the endpoint, then the request will succeed even if the request is un-authenticated.

Furthermore, services allows more than one authentication mechanism to be used and they are tried in sequence, implementing the patch provided would break that behaviour.