authorization: relax auth header requirements

Don't raise an exception if the authorization header contains an
invalid value, such as Basic auth.  Ignore it and move on to the
next step in authentication.

Signed-off-by:  Eric Callahan <arksine.code@gmail.com>
Eric Callahan 2022-11-21 19:15:52 -05:00
parent 4ca39bec0a
commit 5a22b21a40
No known key found for this signature in database
GPG Key ID: 5A1EB336DFB4C71B
1 changed files with 4 additions and 8 deletions


@ -648,20 +648,16 @@ class Authorization:
qtoken = request.query_arguments.get('access_token', None) qtoken = request.query_arguments.get('access_token', None)
if qtoken is not None: if qtoken is not None:
auth_token = qtoken[-1].decode() auth_token = qtoken[-1].decode()
else: elif auth_token.startswith("Bearer "):
if auth_token.startswith("Bearer "):
auth_token = auth_token[7:] auth_token = auth_token[7:]
elif auth_token.startswith("Basic "):
raise HTTPError(401, "Basic Auth is not supported")
else: else:
raise HTTPError( return None
401, f"Invalid Authorization Header: {auth_token}")
if auth_token: if auth_token:
try: try:
return self.decode_jwt(auth_token) return self.decode_jwt(auth_token)
except Exception: except Exception:
logging.exception(f"JWT Decode Error {auth_token}") logging.exception(f"JWT Decode Error {auth_token}")
raise HTTPError(401, f"Error decoding JWT: {auth_token}") raise HTTPError(401, "JWT Decode Error")
return None return None
def _check_authorized_ip(self, ip: IPAddr) -> bool: def _check_authorized_ip(self, ip: IPAddr) -> bool:
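Review bot: The `logging.exception(f"JWT Decode Error {auth_token}")` call kept in the `except Exception:` branch still writes the presented token to the log, even though this change stops echoing it in the 401 response. A token that fails decoding can still be a usable credential (for example one rejected for a reason other than its signature, or one issued for a different service), so it should stay out of the log too: `logging.exception("JWT Decode Error")`. Separately, because `startswith("Bearer ")` is case-sensitive, a header whose scheme is spelled `bearer` now takes the new `else: return None` path and is skipped silently instead of being rejected; a comment such as `# Not a Bearer credential: fall through to the next auth method` would make that intent explicit. The enclosing method starts above the hunk, so how `auth_token` is first read is not visible here.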