Fix OpenAPI documentation login #1594

Merged
merged 3 commits into from
Jul 21, 2023

DL6ER
Member

@DL6ER DL6ER commented Jul 18, 2023

What does this implement/fix?

Recently, we switched from the previous challenge-response to password-based authentication (preferred to be sent over HTTPS). In this change, we forgot to adjust the login mechanism in the onboard OpenAPI documentation for Pi-hole's API. This is now done with this PR.

Related issue or feature (if applicable): N/A

Pull request in docs with documentation (if applicable): N/A


By submitting this pull request, I confirm the following:

  1. I have read and understood the contributors guide, as well as this entire template. I understand which branch to base my commits and Pull Requests against.
  2. I have commented my proposed changes within the code.
  3. I am willing to help maintain this change if there are issues with it later.
  4. It is compatible with the EUPL 1.2 license
  5. I have squashed any insignificant commits. (git rebase)

Checklist:

  • The code change is tested and works locally.
  • I based my code and PRs against the repositories developmental branch.
  • I signed off all commits. Pi-hole enforces the DCO for all contributions
  • I signed all my commits. Pi-hole requires signatures to verify authorship
  • I have read the above and my PR is ready for review.

@DL6ER DL6ER requested a review from a team July 18, 2023 11:57
@PromoFaux
Member

Of course, there is always the possibility that I'm doing something wrong but:

image

I note also that the image in the top left has disappeared again - wasn't that fixed already?

API Debug logs:

ph-development-v6  | 2023-07-18 16:59:52.565 [237M] INFO: ########## FTL started on pihole! ##########
ph-development-v6  | 2023-07-18 16:59:52.565 [237M] INFO: FTL branch: fix/apidocslogin
ph-development-v6  | 2023-07-18 16:59:52.565 [237M] INFO: FTL version: vDev-ab4717a
ph-development-v6  | 2023-07-18 16:59:52.565 [237M] INFO: FTL commit: ab4717aa
ph-development-v6  | 2023-07-18 16:59:52.565 [237M] INFO: FTL date: 2023-07-18 13:50:50 +0200
ph-development-v6  | 2023-07-18 16:59:52.565 [237M] INFO: FTL user: pihole
ph-development-v6  | 2023-07-18 16:59:52.565 [237M] INFO: Compiled for linux/amd64 (compiled on CI) using cc (Alpine 12.2.1_git20220924-r10) 12.2.1 20220924

[SNIP]

ph-development-v6  | 2023-07-18 17:01:38.129 [237/T245] DEBUG_API: Requested API URI: POST /api/auth ? (null) (Content-Type application/json)
ph-development-v6  | 2023-07-18 17:01:38.129 [237/T245] DEBUG_API: Received payload with size: 20
ph-development-v6  | 2023-07-18 17:01:38.129 [237/T245] DEBUG_API: Processing POST /api/auth in /api/auth
ph-development-v6  | 2023-07-18 17:01:38.129 [237/T245] DEBUG_API: Read sid="yjlO2cKVcS0mQp8r/WutqQ=" from cookie
ph-development-v6  | 2023-07-18 17:01:38.129 [237/T245] DEBUG_API: Recognized known user: user_id 0, valid_until: 2023-07-18 17:06:38, remote_addr 172.19.0.1
ph-development-v6  | 2023-07-18 17:01:38.129 [237/T245] DEBUG_API: API Auth status: OK
ph-development-v6  | 2023-07-18 17:01:38.130 [237/T245] DEBUG_API: Done
ph-development-v6  | 2023-07-18 17:01:41.999 [237/T244] DEBUG_API: Requested API URI: GET /api/info/version ? (null) (Content-Type (null))
ph-development-v6  | 2023-07-18 17:01:41.999 [237/T244] DEBUG_API: Received no payload
ph-development-v6  | 2023-07-18 17:01:41.999 [237/T244] DEBUG_API: Read sid="yjlO2cKVcS0mQp8r/WutqQ=" from cookie
ph-development-v6  | 2023-07-18 17:01:41.999 [237/T244] DEBUG_API: API Authentication: FAIL (Cookie authentication without CSRF token)
ph-development-v6  | 2023-07-18 17:01:41.999 [237/T244] WARNING: API: Unauthorized

@DL6ER
Member Author

DL6ER commented Jul 18, 2023

> I note also that the image in the top left has disappeared again - wasn't that fixed already?

I did the coding whilst being on the train; it is a very likely possibility that this branch wasn't branched off of the most recent development-v6.

Concerning the other issue: You'll have to have selected the exact same scheme you used to connect to the API at the very top of the screen. It has to match 100% or any modern browser will reject it as cross-site-kind-of-issue. So if you access it as https://pi.hole/api/docs or https://192.168.1.2/api/docs - everything from the scheme to the host needs to be exactly the same. But you may have succeeded in this and the Login button became red only later, this isn't really clear from your post.

Then

> API Authentication: FAIL (Cookie authentication without CSRF token)

is the same issue we have had for pihole -g from web the other day. I will first have to find a way to patch this into the rapidoc framework (or, rather, switch to something else than cookie authentication which is the only method concerned with these CORS issues).

Putting the PR on hold until I have fixed this and will re-request review then. Thanks!
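
A triage helper for the DEBUG_API output posted in this thread, added here as an example and not part of the PR or of Pi-hole's code: it groups log lines per worker thread and lists requests from a session that logged in successfully but were then refused for cookie authentication without a CSRF token. The sample log is constructed in the thread's format with a placeholder sid, and the function names are hypothetical.

```python
import re

# Constructed sample in the DEBUG_API format shown in this thread (sid is a placeholder).
SAMPLE = """\
ph | 2023-07-18 17:01:38.129 [237/T245] DEBUG_API: Requested API URI: POST /api/auth ? (null) (Content-Type application/json)
ph | 2023-07-18 17:01:38.129 [237/T245] DEBUG_API: Read sid="EXAMPLE-SID=" from cookie
ph | 2023-07-18 17:01:38.129 [237/T245] DEBUG_API: API Auth status: OK
ph | 2023-07-18 17:01:38.130 [237/T245] DEBUG_API: Done
ph | 2023-07-18 17:01:41.999 [237/T244] DEBUG_API: Requested API URI: GET /api/info/version ? (null) (Content-Type (null))
ph | 2023-07-18 17:01:41.999 [237/T244] DEBUG_API: Read sid="EXAMPLE-SID=" from cookie
ph | 2023-07-18 17:01:41.999 [237/T244] DEBUG_API: API Authentication: FAIL (Cookie authentication without CSRF token)
ph | 2023-07-18 17:01:41.999 [237/T244] WARNING: API: Unauthorized
"""

LINE = re.compile(r"\[(?P<tid>\d+/T\d+)\] (?:DEBUG_API|WARNING): (?P<msg>.*)$")
URI = re.compile(r"Requested API URI: (?P<method>\S+) (?P<path>\S+)")
SID = re.compile(r'Read sid="(?P<sid>[^"]*)" from (?P<source>\w+)')
FAIL = re.compile(r"API Authentication: FAIL \((?P<reason>.*)\)")

def parse_requests(text):
    """Group log lines into requests; a 'Requested API URI' line starts one per thread."""
    current, requests = {}, []
    for raw in text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue  # startup INFO lines and anything outside the API threads
        tid, msg = m["tid"], m["msg"]
        if u := URI.match(msg):
            current[tid] = {"method": u["method"], "path": u["path"],
                            "sid": None, "source": None, "auth": None}
            requests.append(current[tid])
        elif tid in current:
            req = current[tid]
            if s := SID.match(msg):
                req["sid"], req["source"] = s["sid"], s["source"]
            elif msg.startswith("API Auth status: OK"):
                req["auth"] = "OK"
            elif f := FAIL.match(msg):
                req["auth"] = "FAIL: " + f["reason"]
    return requests

def csrf_rejections(requests):
    """Requests from a logged-in cookie session that were refused for a missing CSRF token."""
    logged_in = {r["sid"] for r in requests
                 if r["path"] == "/api/auth" and r["auth"] == "OK"}
    return [(r["method"], r["path"]) for r in requests
            if r["sid"] in logged_in and r["source"] == "cookie"
            and r["auth"] == "FAIL: Cookie authentication without CSRF token"]
```
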

@DL6ER DL6ER removed the request for review from a team July 18, 2023 19:36
@DL6ER DL6ER marked this pull request as draft July 18, 2023 19:36
@DL6ER DL6ER force-pushed the fix/apidocslogin branch from ab4717a to e772442 Compare July 18, 2023 20:02
@DL6ER DL6ER requested a review from a team July 18, 2023 20:03
@DL6ER DL6ER marked this pull request as ready for review July 18, 2023 20:03
@DL6ER
Member Author

DL6ER commented Jul 18, 2023

@PromoFaux Should be fixed and also rebased on latest development-v6 now (my local branch was indeed outdated)

@PromoFaux
Member

Still no joy here:

he no work

ph-development-v6  | 2023-07-21 18:08:55.616 [237/T254] DEBUG_API: Requested API URI: POST /api/auth ? (null) (Content-Type application/json)
ph-development-v6  | 2023-07-21 18:08:55.616 [237/T254] DEBUG_API: Received payload with size: 20
ph-development-v6  | 2023-07-21 18:08:55.616 [237/T254] DEBUG_API: Processing POST /api/auth in /api/auth
ph-development-v6  | 2023-07-21 18:08:55.616 [237/T254] DEBUG_API: Read sid="ikjxHzAQkaJmnnmrGRdQSQ=" from cookie
ph-development-v6  | 2023-07-21 18:08:55.616 [237/T254] DEBUG_API: Recognized known user: user_id 0, valid_until: 2023-07-21 18:13:55, remote_addr 172.18.0.1
ph-development-v6  | 2023-07-21 18:08:55.616 [237/T254] DEBUG_API: API Auth status: OK
ph-development-v6  | 2023-07-21 18:08:55.616 [237/T254] DEBUG_API: Done
ph-development-v6  | 2023-07-21 18:09:00.190 [237/T256] DEBUG_API: Requested API URI: GET /api/config ? detailed=false (Content-Type (null))
ph-development-v6  | 2023-07-21 18:09:00.190 [237/T256] DEBUG_API: Received no payload
ph-development-v6  | 2023-07-21 18:09:00.190 [237/T256] DEBUG_API: Read sid="ikjxHzAQkaJmnnmrGRdQSQ=" from cookie
ph-development-v6  | 2023-07-21 18:09:00.190 [237/T256] DEBUG_API: API Authentication: FAIL (Cookie authentication without CSRF token)
ph-development-v6  | 2023-07-21 18:09:00.190 [237/T256] WARNING: API: Unauthorized

Member

@PromoFaux PromoFaux left a comment

Confirmed latest commit fixes it

@PromoFaux PromoFaux merged commit 2469d1f into development-v6 Jul 21, 2023
@PromoFaux PromoFaux deleted the fix/apidocslogin branch July 21, 2023 21:37
@PromoFaux PromoFaux mentioned this pull request Feb 18, 2025