500 Internal Server Error for API pages requiring authentication

Hello,

I was trying to connect a third party application to my Home Assistant through the API and my IP got banned after trying a few times to understand how to correctly configure the authentication data. Before having my IP banned I was receiving “401 Unauthorised Access” errors.

I then removed the content of the file ip_bans.yaml thinking that I would then be able to continue my testing.

It seems that now every call I am doing to an API url while non authenticated but requiring authentication is raising an error 500 Internal Server Error with the following logs:

2019-01-09 20:49:24 ERROR (MainThread) [aiohttp.server] Error handling request
Traceback (most recent call last):
  File "/usr/local/lib/python3.5/dist-packages/aiohttp/web_protocol.py", line 390, in start
    resp = await self._request_handler(request)
  File "/usr/local/lib/python3.5/dist-packages/aiohttp/web_app.py", line 366, in _handle
    resp = await handler(request)
  File "/usr/local/lib/python3.5/dist-packages/aiohttp/web_middlewares.py", line 106, in impl
    return await handler(request)
  File "/usr/local/lib/python3.5/dist-packages/homeassistant/components/http/static.py", line 66, in staticresource_middleware
    return await handler(request)
  File "/usr/local/lib/python3.5/dist-packages/homeassistant/components/http/real_ip.py", line 34, in real_ip_middleware
    return await handler(request)
  File "/usr/local/lib/python3.5/dist-packages/homeassistant/components/http/auth.py", line 99, in auth_middleware
    return await handler(request)
  File "/usr/local/lib/python3.5/dist-packages/homeassistant/components/http/view.py", line 115, in handle
    result = handler(request, **request.match_info)
  File "/usr/local/lib/python3.5/dist-packages/homeassistant/components/api.py", line 194, in get
    user = request['hass_user']
  File "/usr/local/lib/python3.5/dist-packages/aiohttp/web_request.py", line 201, in __getitem__
    return self._state[key]
KeyError: 'hass_user'

I tried to remove the file ip_bans.yaml ; create it again as an empty file ; and changing my configuration to ip_ban_enabled: False but I keep getting the same error.

But if I connect with the correct value for the Header Authorization through Postman I get the correct response from Home Assistant. And I also get no error at all if I try to connect to API urls that don’t require authentication (like https://<ha_server>/api/ )

Would anybody know what I would need to do to stop this 500 error and continue getting the 401 error when trying to access the API with incorrect parameters?

Thanks a lot
Ben