From a0dd7a15069946cc70a835db5933aa19be999df7 Mon Sep 17 00:00:00 2001
From: shamoon <4887959+shamoon@users.noreply.github.com>
Date: Mon, 16 Mar 2026 07:08:58 -0700
Subject: [PATCH] Fixhancement: only show basic auth for appropriate requests
---
 src/documents/tests/test_api_status.py | 7 +++++++
 src/paperless/auth.py | 7 +++++++
 2 files changed, 14 insertions(+)
diff --git a/src/documents/tests/test_api_status.py b/src/documents/tests/test_api_status.py
index 9b7bf37ad..b9c482b9c 100644
--- a/src/documents/tests/test_api_status.py
+++ b/src/documents/tests/test_api_status.py
@@ -57,11 +57,18 @@ class TestSystemStatus(APITestCase):
 """
 response = self.client.get(self.ENDPOINT)
 self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
+ self.assertNotIn("WWW-Authenticate", response)
 normal_user = User.objects.create_user(username="normal_user")
 self.client.force_login(normal_user)
 response = self.client.get(self.ENDPOINT)
 self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
+ def test_system_status_with_bad_basic_auth_challenges(self) -> None:
+ self.client.credentials(HTTP_AUTHORIZATION="Basic invalid")
+ response = self.client.get(self.ENDPOINT)
+ self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
+ self.assertEqual(response["WWW-Authenticate"], 'Basic realm="api"')
+
 def test_system_status_container_detection(self):
 """
 GIVEN:
diff --git a/src/paperless/auth.py b/src/paperless/auth.py
index c68d63cf0..ac5b493b5 100644
--- a/src/paperless/auth.py
+++ b/src/paperless/auth.py
@@ -83,3 +83,10 @@ class PaperlessBasicAuthentication(authentication.BasicAuthentication):
 raise exceptions.AuthenticationFailed("MFA required")
 return user_tuple
+
+ def authenticate_header(self, request):
+ auth_header = request.META.get("HTTP_AUTHORIZATION", "")
+ if auth_header.lower().startswith("basic "):
+ return super().authenticate_header(request)
+
+ return None
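Review bot: `test_system_status_with_bad_basic_auth_challenges` has no docstring, while the test that follows it in this class opens with a `GIVEN:` block. Add a GIVEN/WHEN/THEN docstring saying that a request carrying a malformed Basic `Authorization` header is answered with a 401 and `WWW-Authenticate: Basic realm="api"`. The hunk pins only the no-header case and the `Basic invalid` case. A failed request that uses a different scheme, or a bare `Basic` with no credentials, is not exercised, so the boundary of the new challenge rule is untested. Both test bodies are cut by the hunk edges, so the enclosing test's own docstring is not visible here.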
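Review bot: The scheme check in `authenticate_header` is not the one the inherited Basic parser applies. `startswith("basic ")` on the raw `HTTP_AUTHORIZATION` string misses a bare `Basic` header, or a scheme followed by other whitespace, which DRF's `BasicAuthentication.authenticate` (presumably reached through `super()` above the hunk) still treats as a Basic attempt and rejects. Such a request fails authentication yet gets no challenge. Tokenising the header the way the parent does keeps the two in step: `auth = authentication.get_authorization_header(request).split()` followed by `if auth and auth[0].lower() == b"basic":`. A short docstring would also help, stating that the challenge is returned only when the client itself sent a Basic header, so other failed requests carry no `WWW-Authenticate`. The class body starts outside the hunk.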