authorization: relax auth header requirements
Don't raise an exception if the authorization header contains an invalid value, such as Basic auth. Ignore it and move on to the next step in authentication. Signed-off-by: Eric Callahan <arksine.code@gmail.com>
parent
4ca39bec0a
commit
5a22b21a40
|
@ -648,20 +648,16 @@ class Authorization:
|
||||||
qtoken = request.query_arguments.get('access_token', None)
|
qtoken = request.query_arguments.get('access_token', None)
|
||||||
if qtoken is not None:
|
if qtoken is not None:
|
||||||
auth_token = qtoken[-1].decode()
|
auth_token = qtoken[-1].decode()
|
||||||
else:
|
elif auth_token.startswith("Bearer "):
|
||||||
if auth_token.startswith("Bearer "):
|
|
||||||
auth_token = auth_token[7:]
|
auth_token = auth_token[7:]
|
||||||
elif auth_token.startswith("Basic "):
|
|
||||||
raise HTTPError(401, "Basic Auth is not supported")
|
|
||||||
else:
|
else:
|
||||||
raise HTTPError(
|
return None
|
||||||
401, f"Invalid Authorization Header: {auth_token}")
|
|
||||||
if auth_token:
|
if auth_token:
|
||||||
try:
|
try:
|
||||||
return self.decode_jwt(auth_token)
|
return self.decode_jwt(auth_token)
|
||||||
except Exception:
|
except Exception:
|
||||||
logging.exception(f"JWT Decode Error {auth_token}")
|
logging.exception(f"JWT Decode Error {auth_token}")
|
||||||
raise HTTPError(401, f"Error decoding JWT: {auth_token}")
|
raise HTTPError(401, "JWT Decode Error")
|
||||||
return None
|
return None
|
||||||
|
|
||||||
def _check_authorized_ip(self, ip: IPAddr) -> bool:
|
def _check_authorized_ip(self, ip: IPAddr) -> bool:
|
||||||
|
|
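Review bot: The `logging.exception(f"JWT Decode Error {auth_token}")` line kept in the `except` branch still writes the raw bearer token to the log, even though this commit removes it from the 401 response body. A token that fails decoding can still be a usable credential (for example one presented to the wrong endpoint), and because the value is attacker-controlled it can also put arbitrary text into the log. I would log without it, `logging.exception("JWT Decode Error")`, or log only a short non-reversible fingerprint if correlation is needed. Separately, `qtoken[-1].decode()` appears to sit outside the `try`, so a non-UTF-8 `access_token` query value would presumably raise an unhandled error instead of a 401. Indentation is lost on this page and the enclosing method begins above the hunk, so check the nesting against the file.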