feat: validate auth header in session request if provided #1251
I guess the tests failing in python3.7 have nothing to do with the changes in the PR.
@theborakompanioni ignore that CI test fail, it's a known bug that randomly we can get that relay fee failure.
Yeah :) So, utACK for now, looks correct.
Tested successfully with joinmarket-webui/jam#223 in case you are wondering. Wanted to write tests but the first few attempts failed. I cannot get my local environment to execute the tests successfully : / Using PS: New to python in general. Hopefully not introducing bugs with so little code.
No worries. Feel free to write down any details of what's going wrong here, if you like. Not only that we can help you but also your experiences might tell us things, especially about 3.10, I'm personally always running 3.8 still and there may be important things to address there.
Python 3.10 should work, such tests pass in #1218 (failure with insufficient fee there is known issue happening from time to time, not related to Python versions).
Updated API docs as well. Hope the optional security spec is working (it should be, according to OAI/OpenAPI-Specification#14)
I will revisit this at a later point and hopefully can provide useful insights. 🙏
Added four checks of
Thank you, Adam. Great additions. I will strive for all future changes to include tests so you don't have too much additional work on your plate.
Very happy 🙏
Closes #1244.
Before this PR, the `/session` endpoint ignores a potentially provided token in the `Authorization` header.
After this PR, the `/session` endpoint validates a token provided in the `Authorization` header and will respond with `401 Unauthorized` if the token is invalid.
See #1244 on why this might be beneficial for API users. Summary: It seems like a good alternative to polling an authenticated endpoint and a less error-prone solution than relying on websocket server closes.
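A sketch of the behaviour the PR description states (no header: answered as before; header present: the token must be valid or the response is 401), added here as an example and not taken from the project's code. The function names, the `Bearer` scheme, the opaque token and the response bodies are assumptions.

```python
import hmac
import secrets
from typing import Mapping, Optional, Tuple


def parse_bearer(header_value: str) -> Optional[str]:
    """Return the token from 'Bearer <token>', or None if malformed."""
    parts = header_value.strip().split()
    if len(parts) != 2 or parts[0].lower() != "bearer":
        return None
    return parts[1]


def handle_session(headers: Mapping[str, str],
                   issued_token: Optional[str]) -> Tuple[int, dict]:
    """Hypothetical /session handler: authentication is optional,
    but a supplied token is never silently ignored."""
    # HTTP header names are case-insensitive.
    auth = next((v for k, v in headers.items()
                 if k.lower() == "authorization"), None)
    # Constructed response body; the field name is an assumption.
    body = {"session_active": issued_token is not None}
    if auth is None:
        # No header: unauthenticated callers still get an answer.
        return 200, body
    token = parse_bearer(auth)
    # A header was sent, so it must match the currently issued token.
    # compare_digest keeps the comparison constant-time.
    if (token is None or issued_token is None
            or not hmac.compare_digest(token.encode(), issued_token.encode())):
        return 401, {"message": "Invalid credentials."}
    return 200, body


if __name__ == "__main__":
    current = secrets.token_urlsafe(32)  # constructed sample token
    stale = secrets.token_urlsafe(32)    # e.g. token from an earlier unlock
    print(handle_session({}, current))
    print(handle_session({"Authorization": f"Bearer {current}"}, current))
    print(handle_session({"Authorization": f"Bearer {stale}"}, current))
    # Token sent after the session ended: rejected, not ignored.
    print(handle_session({"Authorization": f"Bearer {stale}"}, None))
```

A client can call this endpoint with its stored token and treat a 401 as the signal to discard it and re-authenticate.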