disable Basic Auth to remove dependency on deprecated crypt library

[peterbecich]

Closes: #1153

This PR disables Basic Auth, per this comment: #1153 (comment) Basic Auth is disabled in the simplest possible way, by returning a UnrecognizedAuthError. More could be done to completely delete Basic Auth. Is this sufficient for now?

hackage-server builds successfully without the crypt library.

I have barely tested this; I am able to log in with the "admin" account on Hackage running locally.

[gbaz]

I think it would be better to get rid of that file entirely and change here (

hackage-server/src/Distribution/Server/Framework/Auth.hs

Line 103 in b4ea1c7

checkAuthenticated :: ServerMonad m => RealmName -> Users.Users -> m (Either AuthError (UserId, UserInfo))

) to return a response about basic auth not being supported any longer.

[peterbecich]

@gbaz , do you want checkTokenAuth removed, as well?

hackage-server/src/Distribution/Server/Framework/Auth.hs

Lines 103 to 111 in b6080f3

	checkAuthenticated :: ServerMonad m => RealmName -> Users.Users -> m (Either AuthError (UserId, UserInfo))
	checkAuthenticated realm users = do
	req <- askRq
	return $ case getHeaderAuth req of
	Just (DigestAuth, ahdr) -> checkDigestAuth users ahdr req
	Just _ | plainHttp req -> Left InsecureAuthError
	Just (BasicAuth, ahdr) -> checkBasicAuth users realm ahdr
	Just (AuthToken, ahdr) -> checkTokenAuth users ahdr
	Nothing -> Left NoAuthError

[peterbecich]

@andreasabel , would you review this? Is it adequate as is? We can further remove the old auth system later IMO.

Merging this will unblock #1154