authorization: improve error message for invalid auth headers

Signed-off-by: Eric Callahan <arksine.code@gmail.com>
2021-08-27 06:11:55 -04:00 · 2021-08-27 06:11:55 -04:00 · dfb8da6e3e
parent b040640813
commit dfb8da6e3e
1 changed files with 12 additions and 7 deletions
--- a/moonraker/components/authorization.py
+++ b/moonraker/components/authorization.py
@ -526,17 +526,22 @@ class Authorization:
        auth_token: Optional[str] = request.headers.get("Authorization")
        if auth_token is None:
            auth_token = request.headers.get("X-Access-Token")
-        if auth_token and auth_token.startswith("Bearer "):
-            auth_token = auth_token[7:]
+            if auth_token is None:
+                qtoken = request.query_arguments.get('access_token', None)
+                if qtoken is not None:
+                    auth_token = qtoken[-1].decode()
        else:
-            qtoken = request.query_arguments.get('access_token', None)
-            if qtoken is not None:
-                auth_token = qtoken[-1].decode()
+            if auth_token.startswith("Bearer "):
+                auth_token = auth_token[7:]
+            else:
+                raise HTTPError(
+                    401, f"Invalid Authorization Header: {auth_token}")
        if auth_token:
            try:
                return self._decode_jwt(auth_token)
-            except Exception as e:
-                raise HTTPError(401, str(e))
+            except Exception:
+                logging.exception(f"JWT Decode Error {auth_token}")
+                raise HTTPError(401, f"Error decoding JWT: {auth_token}")
        return None

    def _check_authorized_ip(self, ip: IPAddr) -> bool: