Added additional safety for missing header and invalid token

2021-03-24 18:31:01 +01:00 · 2021-03-24 18:31:01 +01:00 · e9b0376f22
commit e9b0376f22
parent 7f4e260532
1 changed files with 12 additions and 4 deletions
--- a/backend/app_be/views/rest_api.py
+++ b/backend/app_be/views/rest_api.py
@ -24,6 +24,11 @@ class LoginClass:
    def login(request: requests.Request):
        logger.debug('Validating request: {}'.format(request))

+        if 'Authorization' not in request.headers:
+            print(f"Authorization header missing")
+            logger.error(f"Authorization header missing")
+            return JsonResponse({}, status=401)
+
        bearer = request.headers['Authorization']

        if len(bearer.split()) < 2:
@ -37,6 +42,9 @@ class LoginClass:
            print(f"Exception caught. Error: {e}")
            logger.error(f"Exception caught. Error: {e}")
            return JsonResponse({}, status=401)
+        except UnicodeDecodeError as e2:
+            print(f"Exception caught. Error: {e2}")
+            logger.error(f"Exception caught. Error: {e2}")
+            return JsonResponse({}, status=401)

        return JsonResponse({}, safe=False, status=200)
-