-
-
Notifications
You must be signed in to change notification settings - Fork 794
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fixed Handled error in OAuth2ExtraTokenMiddleware when authheader has Bearer
with no token-string following up
#1502
base: master
Are you sure you want to change the base?
Conversation
3efa9a5
to
f87c5f4
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for this fix. Please also add a test case in tests/test_auth_backends.py
to assure full code coverage.
oauth2_provider/middleware.py
Outdated
if authheader.startswith("Bearer") and len(authheader.split(maxsplit=1)) == 2: | ||
tokenstring = authheader.split(maxsplit=1)[1] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I suggest not calling split() twice:
if authheader.startswith("Bearer") and len(authheader.split(maxsplit=1)) == 2: | |
tokenstring = authheader.split(maxsplit=1)[1] | |
splits = autheader.split(maxsplit=1) | |
if authheader.startswith("Bearer") and len(splits) == 2: | |
tokenstring = splits[1] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you for your suggestion, I will make the changes by today!
updates: - [github.com/astral-sh/ruff-pre-commit: v0.6.5 → v0.6.7](astral-sh/ruff-pre-commit@v0.6.5...v0.6.7) Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>
updates: - [github.com/astral-sh/ruff-pre-commit: v0.6.7 → v0.6.8](astral-sh/ruff-pre-commit@v0.6.7...v0.6.8) Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>
…ps://github.com/Tuhin-thinks/django-oauth-toolkit into bug/1496/unhandled-empty-bearer-token-exception
@Tuhin-thinks this looks good. I think the last task to get this merge ready is the test. |
@dopry Thanks, I am getting them ready. |
Fixed the crash in application while using OAuth2ExtraTokenMiddleware. When Bearer token passed is empty.
Authorization: Bearer
would result in this crash.Fixes #1496
Description of the Change
Checklist
CHANGELOG.md
updated (only for user relevant changes)AUTHORS