Commit f41ec93c authored by Joshua Tauberer's avatar Joshua Tauberer

management: dont raise an exception on a poorly formatted authentication header

parent 7e62131f
...@@ -47,11 +47,16 @@ class KeyAuthService: ...@@ -47,11 +47,16 @@ class KeyAuthService:
if header is None: if header is None:
return return
if " " not in header:
return
scheme, credentials = header.split(maxsplit=1) scheme, credentials = header.split(maxsplit=1)
if scheme != 'Basic': if scheme != 'Basic':
return return
username, password = decode(credentials).split(':', maxsplit=1) credentials = decode(credentials)
if ":" not in credentials:
return
username, password = credentials.split(':', maxsplit=1)
return username return username
request_key = parse_api_key(request.headers.get('Authorization')) request_key = parse_api_key(request.headers.get('Authorization'))
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment