From 1db26531a18332f22ddfd14e9fa01efc1555888b Mon Sep 17 00:00:00 2001
From: Chris Meyers <chris.meyers.fsu@gmail.com>
Date: Mon, 19 Oct 2015 14:49:15 -0400
Subject: [PATCH] if basic auth in headers, don't use cookie token

* Allows for basic auth to be used when cookie token fails
---
 awx/api/authentication.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/awx/api/authentication.py b/awx/api/authentication.py
index 8c1eceac97..72dccc61f4 100644
--- a/awx/api/authentication.py
+++ b/awx/api/authentication.py
@@ -50,7 +50,10 @@ class TokenAuthentication(authentication.TokenAuthentication):
         auth = TokenAuthentication._get_x_auth_token_header(request).split()
         if not auth or auth[0].lower() != 'token':
             auth = authentication.get_authorization_header(request).split()
-            if not auth or auth[0].lower() != 'token':
+            # Prefer basic auth over cookie token
+            if auth and auth[0].lower() == 'basic':
+                return None
+            elif not auth or auth[0].lower() != 'token':
                 auth = TokenAuthentication._get_auth_token_cookie(request).split()
                 if not auth or auth[0].lower() != 'token':
                     return None