from django.http import JsonResponse
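class RejectBasicAuthMiddleware:
    """Reject HTTP Basic Authentication globally with a consistent message.

    The check runs before the view is reached, so endpoints that override
    the DRF authentication classes still refuse Basic credentials.

    The auth scheme is matched case-insensitively, as RFC 7235 defines it.
    An exact ``"Basic "`` prefix test lets ``basic ...``, ``BASIC ...`` or a
    tab-separated header through to any downstream authenticator that parses
    the scheme leniently (DRF's BasicAuthentication appears to lower-case the
    scheme after splitting on whitespace), which would defeat this control.
    """

    def __init__(self, get_response):
        """Store the next handler in the Django middleware chain."""
        self.get_response = get_response

    @staticmethod
    def _uses_basic_scheme(auth_header):
        """Return True when an Authorization value names the Basic scheme.

        Args:
            auth_header: Raw value of the Authorization header; anything
                that is not a ``str`` is treated as "no Basic credentials".

        Returns:
            True if the first whitespace-delimited token equals ``basic``
            in any letter case, including a bare ``Basic`` without
            credentials; False otherwise.
        """
        if not isinstance(auth_header, str):
            return False
        # Split on any whitespace run so "Basic\t<creds>" is caught as well.
        tokens = auth_header.split(None, 1)
        return bool(tokens) and tokens[0].lower() == "basic"

    def __call__(self, request):
        """Short-circuit Basic-auth requests with a 401 JSON body.

        Args:
            request: The incoming Django request; only ``request.META`` is
                read here.

        Returns:
            A 401 ``JsonResponse`` when the Authorization header uses the
            Basic scheme, otherwise whatever ``get_response`` returns.
        """
        auth_header = request.META.get("HTTP_AUTHORIZATION", "")
        if self._uses_basic_scheme(auth_header):
            # NOTE(review): RFC 7235 expects a WWW-Authenticate challenge on
            # a 401; consider advertising the Bearer scheme on this response.
            return JsonResponse(
                {
                    "error": "Basic authentication is disabled",
                    "detail": "Use Bearer token (JWT) in the Authorization header.",
                },
                status=401,
            )
        return self.get_response(request)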