3diy
/
moonraker
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

authorization: specifically identify basic auth 

Raise an exception when a request with Basic Auth is received, however do not log the username/password.

Signed-off-by:  Eric Callahan <arksine.code@gmail.com>
This commit is contained in:
Eric Callahan 2021-08-28 08:54:40 -04:00
parent dfb8da6e3e
commit 245053434f
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
moonraker/components/authorization.py
View File

@ -533,6 +533,8 @@ class Authorization:
else: else:
if auth_token.startswith("Bearer "): if auth_token.startswith("Bearer "):
auth_token = auth_token[7:] auth_token = auth_token[7:]
elif auth_token.startswith("Basic "):
raise HTTPError(401, "Basic Auth is not supported")
else: else:
raise HTTPError( raise HTTPError(
401, f"Invalid Authorization Header: {auth_token}") 401, f"Invalid Authorization Header: {auth_token}")