From b4e81599ef90f9b0dfda1169f6789a9e5b70422d Mon Sep 17 00:00:00 2001
From: odysseusmax
Date: Sat, 19 Jun 2021 22:12:12 +0530
Subject: [PATCH] update basic auth check
---
 app/views/middlewhere.py | 38 ++++++++++++++++++++------------------
 1 file changed, 20 insertions(+), 18 deletions(-)
diff --git a/app/views/middlewhere.py b/app/views/middlewhere.py
index 1464d62..a6350bd 100644
--- a/app/views/middlewhere.py
+++ b/app/views/middlewhere.py
@@ -10,28 +10,30 @@ log = logging.getLogger(__name__)
 def _do_basic_auth_check(request):
- auth_header = request.headers.get(hdrs.AUTHORIZATION)
- if not auth_header:
- if "download_" in request.match_info.route.name:
- return Response(
- body=b"",
- status=401,
- reason="UNAUTHORIZED",
- headers={
- hdrs.WWW_AUTHENTICATE: 'Basic realm=""',
- hdrs.CONTENT_TYPE: "text/html; charset=utf-8",
- hdrs.CONNECTION: "keep-alive",
- },
- )
+ if "download_" not in request.match_info.route.name:
 return
- try:
- auth = BasicAuth.decode(auth_header=auth_header)
- except ValueError:
- auth = None
+ auth = None
+ auth_header = request.headers.get(hdrs.AUTHORIZATION)
+ if auth_header is not None:
+ try:
+ auth = BasicAuth.decode(auth_header=auth_header)
+ except ValueError:
+ pass
+
+ if auth is None:
+ try:
+ auth = BasicAuth.from_url(request.url)
+ except ValueError:
+ pass
 if not auth:
- return
+ return Response(
+ body=b"",
+ status=401,
+ reason="UNAUTHORIZED",
+ headers={hdrs.WWW_AUTHENTICATE: 'Basic realm=""'},
+ )
 if auth.login is None or auth.password is None:
 return
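Review bot: The new first line of `_do_basic_auth_check` evaluates `"download_" not in request.match_info.route.name` for every request, and aiohttp's `route.name` is `None` for unnamed routes, so such a request would raise `TypeError` instead of being skipped; before this change the lookup ran only when no Authorization header was present. Guarding the value, e.g. `route_name = request.match_info.route.name or ""` followed by `if "download_" not in route_name:`, avoids that. More broadly, authentication is now opt-in by a substring of the route name, and the early `return` presumably lets the request through, so a download route registered without that prefix would be served without credentials; a short comment above the check stating this naming convention would help. The function continues below the hunk, so what the bare `return` means to the caller is not visible here.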