I am working on a app to feed contacts data to devices like SIP phones, so far everything is working pretty well.
But I am now trying to add a layer of security using basic auth. Yes, I know basic auth is very insecure, but I have no choice in this, as most SIP devices only support basic auth.
The problem I am coming across is that when I send a request to NC with a full basic auth header (username:password), NC returns a 401 and dose not trigger my function. But if I send a partial header (:password) the the function triggers as expected. This would work, but the problem is that my test devices require a username to send basic auth.
So is there a way to stop NC from processing the basic auth on my apps route? Or a way of intercepting the request before NC does its check?
So after many hours of trying things, from every example I could find to writing middleware and nothing working. I decided to try a NC users credentials, in the Basic auth heaader and to my surprise the method fired. So I guess basic auth in not blocked, but being intercepted.
The question now is how to disable NC auth mechanism on these requests.