amorfo77/paperless-ngx
1
0
Fork 0
mirror of https://github.com/paperless-ngx/paperless-ngx.git synced 2026-05-06 22:55:24 +00:00
Code Issues Projects Releases Wiki Activity

Fixhancement: only show basic auth for appropriate requests

Browse Source
This commit is contained in:
shamoon
2026-03-16 07:08:58 -07:00
parent 1e00ad5f30
commit a0dd7a1506
2 changed files with 14 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/documents/tests/test_api_status.py
+7
View File
@@ -57,11 +57,18 @@ class TestSystemStatus(APITestCase):
"""
response = self.client.get(self.ENDPOINT)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
self.assertNotIn("WWW-Authenticate", response)
normal_user = User.objects.create_user(username="normal_user")
self.client.force_login(normal_user)
response = self.client.get(self.ENDPOINT)
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
def test_system_status_with_bad_basic_auth_challenges(self) -> None:
self.client.credentials(HTTP_AUTHORIZATION="Basic invalid")
response = self.client.get(self.ENDPOINT)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
self.assertEqual(response["WWW-Authenticate"], 'Basic realm="api"')
def test_system_status_container_detection(self):
"""
GIVEN:
src/paperless/auth.py
+7
View File
@@ -83,3 +83,10 @@ class PaperlessBasicAuthentication(authentication.BasicAuthentication):
raise exceptions.AuthenticationFailed("MFA required")
return user_tuple
def authenticate_header(self, request):
auth_header = request.META.get("HTTP_AUTHORIZATION", "")
if auth_header.lower().startswith("basic "):
return super().authenticate_header(request)
return None