authorization: specifically identify basic auth

Raise an exception when a request with Basic Auth is received, however do not log the username/password. Signed-off-by: Eric Callahan <arksine.code@gmail.com>
2021-08-28 08:54:40 -04:00 · 2021-08-28 08:54:40 -04:00 · 245053434f
parent dfb8da6e3e
commit 245053434f
1 changed files with 2 additions and 0 deletions
--- a/moonraker/components/authorization.py
+++ b/moonraker/components/authorization.py
@ -533,6 +533,8 @@ class Authorization:
        else:
            if auth_token.startswith("Bearer "):
                auth_token = auth_token[7:]
+            elif auth_token.startswith("Basic "):
+                raise HTTPError(401, "Basic Auth is not supported")
            else:
                raise HTTPError(
                    401, f"Invalid Authorization Header: {auth_token}")