From 56722d1ac1f2ebd4174b9b1174c3343849149d9b Mon Sep 17 00:00:00 2001 From: yackob03 Date: Thu, 19 Dec 2013 15:18:14 -0500 Subject: [PATCH] Allow a request with invalid basic auth to still be considered anonymous, rather than throwing a 401. --- auth/auth.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/auth/auth.py b/auth/auth.py index c4a17b080..11680cfee 100644 --- a/auth/auth.py +++ b/auth/auth.py @@ -34,7 +34,7 @@ def process_basic_auth(auth): if len(credentials) != 2: logger.debug('Invalid basic auth credential format.') - if credentials[0] == '$token': + elif credentials[0] == '$token': # Use as token auth try: token = model.load_token_data(credentials[1]) @@ -77,7 +77,6 @@ def process_basic_auth(auth): # We weren't able to authenticate via basic auth. logger.debug('Basic auth present but could not be validated.') - abort(401) def process_token(auth):