supervisor/tests/api/test_auth.py at 0732999ea9ad6f0d95e080c020bd1bf1bbc08b2d

mirror of https://github.com/home-assistant/supervisor.git synced 2026-04-17 15:23:21 +01:00

Files

Stefan Agner 9e0d3fe461 Return 401 for non-Basic Authorization headers on /auth endpoint (#6612 )

aiohttp's BasicAuth.decode() raises ValueError for any non-Basic auth
method (e.g. Bearer tokens). This propagated as an unhandled exception,
causing a 500 response instead of the expected 401 Unauthorized.

Catch the ValueError in _process_basic() and raise HTTPUnauthorized with
the WWW-Authenticate realm header so clients get a proper 401 response.

Fixes SUPERVISOR-BFG

Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-03-04 15:55:49 -05:00

12 KiB

Raw Blame History

View Raw

12 KiB Raw Blame History

12 KiB

Raw Blame History