jeans/supervisor
jeans/supervisor
1
0
Fork 0
mirror of https://github.com/home-assistant/supervisor.git synced 2025-07-25 18:16:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auth: Improve authorisation (#2427)

Browse Source
This commit is contained in:
Pascal Vizeli 2021-01-12 14:49:53 +01:00 committed by GitHub
parent 3e9de0c210
commit d14a47d3f7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 8 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
supervisor/api/auth.py
View File

@ -29,6 +29,10 @@ SCHEMA_PASSWORD_RESET = vol.Schema(
} }
) )
REALM_HEADER: Dict[str, str] = {
WWW_AUTHENTICATE: 'Basic realm="Home Assistant Authentication"'
}
class APIAuth(CoreSysAttributes): class APIAuth(CoreSysAttributes):
"""Handle RESTful API for auth functions.""" """Handle RESTful API for auth functions."""
@ -63,7 +67,9 @@ class APIAuth(CoreSysAttributes):
# BasicAuth # BasicAuth
if AUTHORIZATION in request.headers: if AUTHORIZATION in request.headers:
return await self._process_basic(request, addon) if not await self._process_basic(request, addon):
raise HTTPUnauthorized(headers=REALM_HEADER)
return True
# Json # Json
if request.headers.get(CONTENT_TYPE) == CONTENT_TYPE_JSON: if request.headers.get(CONTENT_TYPE) == CONTENT_TYPE_JSON:
@ -75,9 +81,7 @@ class APIAuth(CoreSysAttributes):
data = await request.post() data = await request.post()
return await self._process_dict(request, addon, data) return await self._process_dict(request, addon, data)
raise HTTPUnauthorized( raise HTTPUnauthorized(headers=REALM_HEADER)
headers={WWW_AUTHENTICATE: 'Basic realm="Home Assistant Authentication"'}
)
@api_process @api_process
async def reset(self, request: web.Request) -> None: async def reset(self, request: web.Request) -> None: