From 5a22b21a40560c9d645864200cdb9a90147884c8 Mon Sep 17 00:00:00 2001
From: Eric Callahan
Date: Mon, 21 Nov 2022 19:15:52 -0500
Subject: [PATCH] authorization: relax auth header requirements

Don't raise an exception if the authorization header contains an invalid value, such as Basic auth. Ignore it and move on to the next step in authentication.

Signed-off-by: Eric Callahan
---
 moonraker/components/authorization.py | 12 ++++--------
 1 file changed, 4 insertions(+), 8 deletions(-)

diff --git a/moonraker/components/authorization.py b/moonraker/components/authorization.py
index c0d2151..00121ab 100644
--- a/moonraker/components/authorization.py
+++ b/moonraker/components/authorization.py
@@ -648,20 +648,16 @@ class Authorization:
 qtoken = request.query_arguments.get('access_token', None)
 if qtoken is not None:
 auth_token = qtoken[-1].decode()
+ elif auth_token.startswith("Bearer "):
+ auth_token = auth_token[7:]
 else:
- if auth_token.startswith("Bearer "):
- auth_token = auth_token[7:]
- elif auth_token.startswith("Basic "):
- raise HTTPError(401, "Basic Auth is not supported")
- else:
- raise HTTPError(
- 401, f"Invalid Authorization Header: {auth_token}")
+ return None
 if auth_token:
 try:
 return self.decode_jwt(auth_token)
 except Exception:
 logging.exception(f"JWT Decode Error {auth_token}")
- raise HTTPError(401, f"Error decoding JWT: {auth_token}")
+ raise HTTPError(401, "JWT Decode Error")
 return None

 def _check_authorized_ip(self, ip: IPAddr) -> bool:
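Review bot: The context line `logging.exception(f"JWT Decode Error {auth_token}")`, just above the new `raise HTTPError(401, "JWT Decode Error")`, still writes the full token to the log, so the commit stops echoing the credential in the 401 body but leaves it in log files. That value is request-controlled (it can come from the `access_token` query argument), so besides exposing a token that may still be usable, unescaped text in the log line lets a client forge or split log entries. I would change it to `logging.exception("JWT Decode Error")`, since the traceback already records why decoding failed. The enclosing method begins above the hunk and indentation is lost in this view, so how `auth_token` is first populated cannot be checked from here.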