Added additional safety for missing header and invalid token

2021-03-24 18:31:01 +01:00 · 2021-03-24 18:31:01 +01:00 · e9b0376f22
commit e9b0376f22
parent 7f4e260532
1 changed files with 12 additions and 4 deletions
--- a/backend/app_be/views/rest_api.py
+++ b/backend/app_be/views/rest_api.py
@ -21,13 +21,18 @@ class TestApiClass:
 class LoginClass:
    @staticmethod
    @api_view(['GET'])
-    def login(request:requests.Request):
+    def login(request: requests.Request):
        logger.debug('Validating request: {}'.format(request))

+        if 'Authorization' not in request.headers:
+            print(f"Authorization header missing")
+            logger.error(f"Authorization header missing")
+            return JsonResponse({}, status=401)
+
        bearer = request.headers['Authorization']

        if len(bearer.split()) < 2:
-            return JsonResponse({},status=401)
+            return JsonResponse({}, status=401)

        jwt = bearer.split()[1]

@ -36,7 +41,10 @@ class LoginClass:
        except PyJwtException as e:
            print(f"Exception caught. Error: {e}")
            logger.error(f"Exception caught. Error: {e}")
-            return JsonResponse({},status=401)
+            return JsonResponse({}, status=401)
+        except UnicodeDecodeError as e2:
+            print(f"Exception caught. Error: {e2}")
+            logger.error(f"Exception caught. Error: {e2}")
+            return JsonResponse({}, status=401)

        return JsonResponse({}, safe=False, status=200)
-