From 53073bc5ad0c014aeb3828bf586aba129cad7f82 Mon Sep 17 00:00:00 2001
From: shamoon <4887959+shamoon@users.noreply.github.com>
Date: Mon, 16 Mar 2026 07:38:29 -0700
Subject: [PATCH] Fallback to the token auth, not none

---
 src/documents/tests/test_api_status.py | 2 +-
 src/paperless/auth.py                  | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/documents/tests/test_api_status.py b/src/documents/tests/test_api_status.py
index b9c482b9c..ec3f9e611 100644
--- a/src/documents/tests/test_api_status.py
+++ b/src/documents/tests/test_api_status.py
@@ -57,7 +57,7 @@ class TestSystemStatus(APITestCase):
         """
         response = self.client.get(self.ENDPOINT)
         self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
-        self.assertNotIn("WWW-Authenticate", response)
+        self.assertEqual(response["WWW-Authenticate"], "Token")
         normal_user = User.objects.create_user(username="normal_user")
         self.client.force_login(normal_user)
         response = self.client.get(self.ENDPOINT)
diff --git a/src/paperless/auth.py b/src/paperless/auth.py
index ac5b493b5..6857e1087 100644
--- a/src/paperless/auth.py
+++ b/src/paperless/auth.py
@@ -89,4 +89,5 @@ class PaperlessBasicAuthentication(authentication.BasicAuthentication):
         if auth_header.lower().startswith("basic "):
             return super().authenticate_header(request)
 
-        return None
+        # Still 401 for anonymous API access
+        return authentication.TokenAuthentication.keyword