From 2da7145132956d4c0f02488e28133b9e35d16772 Mon Sep 17 00:00:00 2001
From: Matthias
Date: Sat, 25 May 2019 14:25:16 +0200
Subject: [PATCH] Switch auth to real basic auth
---
 freqtrade/rpc/api_server.py | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/freqtrade/rpc/api_server.py b/freqtrade/rpc/api_server.py
index d2001e91a..14b15a3df 100644
--- a/freqtrade/rpc/api_server.py
+++ b/freqtrade/rpc/api_server.py
@@ -53,13 +53,16 @@ class ApiServer(RPC):
 return func_wrapper
+ def check_auth(self, username, password):
+ return (username == self._config['api_server'].get('username') and
+ password == self._config['api_server'].get('password'))
+
 def require_login(func):
 def func_wrapper(self, *args, **kwargs):
- # Also accepts empty username/password if it's missing in both config and request
- if (request.headers.get('username') == self._config['api_server'].get('username')
- and request.headers.get('password') == self._config['api_server'].get('password')):
+ auth = request.authorization
+ if auth and self.check_auth(auth.username, auth.password):
 return func(self, *args, **kwargs)
 else:
 return jsonify({"error": "Unauthorized"}), 401
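Review bot: `check_auth` compares the supplied credentials to the configured ones with `==`, which is not constant-time. Both sides can also be `None`, so a config that omits `username` and `password` would match a parsed header that carries neither field; whether `request.authorization` can yield such an object depends on the Werkzeug version, so that part needs confirming. I would fail closed first, `if not expected_user or not expected_pass or username is None or password is None: return False`, and then compare with `hmac.compare_digest(username.encode(), expected_user.encode())` and the same for the password, which needs `import hmac`. Separately, the 401 branch in `func_wrapper` returns no `WWW-Authenticate: Basic` header, so standard Basic-auth clients get no challenge to respond to. `require_login` continues past the end of the hunk.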