Skip to content

Commit

Permalink
Use the correct abort method
Browse files Browse the repository at this point in the history
  • Loading branch information
portante committed Dec 22, 2022
1 parent 4292ae8 commit d790479
Showing 1 changed file with 10 additions and 6 deletions.
16 changes: 10 additions & 6 deletions lib/pbench/server/auth/auth.py
Original file line number Diff line number Diff line change
Expand Up @@ -3,8 +3,9 @@
import os
from typing import Optional

from flask import abort, request
from flask import request
from flask_httpauth import HTTPTokenAuth
from flask_restful import abort
import jwt

from pbench.server.auth import OpenIDClient, OpenIDClientError
Expand Down Expand Up @@ -60,26 +61,29 @@ def get_secret_key(self):

def get_auth_token(self, logger):
# get auth token
example = (
"Please add Authorization header with Bearer token as,"
" 'Authorization: Bearer <session_token>'"
)
auth_header = request.headers.get("Authorization")

if not auth_header:
abort(
HTTPStatus.FORBIDDEN,
message="Please add authorization token as 'Authorization: Bearer <session_token>'",
message=f"No Authorization header provided. {example}",
)

try:
auth_schema, auth_token = auth_header.split()
auth_schema, auth_token = auth_header.split(" ", 1)
except ValueError:
abort(
HTTPStatus.UNAUTHORIZED,
message="Malformed Authorization header, please add request header as Authorization: Bearer <session_token>",
message=f"Malformed Authorization header. {example}",
)
else:
if auth_schema.lower() != "bearer":
abort(
HTTPStatus.UNAUTHORIZED,
message="Malformed Authorization header, request needs bearer token: Bearer <session_token>",
message=f"Malformed Authorization header. {example}",
)
return auth_token

Expand Down

0 comments on commit d790479

Please sign in to comment.