Added additional safety for missing header and invalid token

Martin 2021-03-24 18:31:01 +01:00
parent 7f4e260532
commit e9b0376f22


@ -21,13 +21,18 @@ class TestApiClass:
class LoginClass: class LoginClass:
@staticmethod @staticmethod
@api_view(['GET']) @api_view(['GET'])
def login(request:requests.Request): def login(request: requests.Request):
logger.debug('Validating request: {}'.format(request)) logger.debug('Validating request: {}'.format(request))
if 'Authorization' not in request.headers:
print(f"Authorization header missing")
logger.error(f"Authorization header missing")
return JsonResponse({}, status=401)
bearer = request.headers['Authorization'] bearer = request.headers['Authorization']
if len(bearer.split()) < 2: if len(bearer.split()) < 2:
return JsonResponse({},status=401) return JsonResponse({}, status=401)
jwt = bearer.split()[1] jwt = bearer.split()[1]
@ -36,7 +41,10 @@ class LoginClass:
except PyJwtException as e: except PyJwtException as e:
print(f"Exception caught. Error: {e}") print(f"Exception caught. Error: {e}")
logger.error(f"Exception caught. Error: {e}") logger.error(f"Exception caught. Error: {e}")
return JsonResponse({},status=401) return JsonResponse({}, status=401)
except UnicodeDecodeError as e2:
print(f"Exception caught. Error: {e2}")
logger.error(f"Exception caught. Error: {e2}")
return JsonResponse({}, status=401)
return JsonResponse({}, safe=False, status=200) return JsonResponse({}, safe=False, status=200)
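Review bot: The Authorization scheme is still never checked in `login`: after the new missing-header guard, `len(bearer.split()) < 2` lets any value with two or more parts (for example a `Basic` credential) reach the JWT decode, and a value with extra parts is silently cut down to its second word. I would parse once and require the expected shape, `parts = bearer.split()` followed by `if len(parts) != 2 or parts[0].lower() != 'bearer': return JsonResponse({}, status=401)`, then take the token from `parts[1]`. The added `print(f"Authorization header missing")` and the `print` in the new `except UnicodeDecodeError` branch duplicate the `logger.error` calls next to them and write authentication failures to stdout outside the logging configuration; the first f-string also has no placeholders, so `logger.error("Authorization header missing")` alone is enough. The decode call sits between the two hunks and is not visible here, so it is worth confirming that no other exception type from it can escape as a 500 instead of the intended 401.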