This repository has been archived by the owner on May 1, 2018. It is now read-only.

Non-uppercase scheme parameter results in failed permissions checks #13

Open
bfin opened this issue Sep 17, 2015 · 0 comments · May be fixed by #14

bfin commented Sep 17, 2015

Currently, any lowercase or mixed case scheme parameter passed to JWTAuthenticationPolicy() will fail checks because _get_params() applies the upper() method to the request's scheme name but not to the custom scheme name, to which it is compared.

Example:
With scheme = 'Bearer', all of these headers currently fail auth:
Authorization: Bearer token="..."
Authorization: bearer token="..."
Authorization: BEARER token="..."
But with scheme = 'BEARER', they all pass.

As the most commonly used scheme is (probably) the mixed-case 'Bearer', it should probably not automatically fail...grin.

bfin linked a pull request Sep 17, 2015 that will close this issue
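The comparison described in the issue, as an added example that is not the project's code or the reporter's: the function names and the sample headers are hypothetical stand-ins for the behaviour attributed to `_get_params()`. It shows the one-sided `upper()` next to a check that normalises both sides.

```python
def split_authorization(header):
    """Split an Authorization header value into (scheme, rest); None if malformed."""
    if not header:
        return None
    parts = header.strip().split(None, 1)
    if len(parts) != 2:
        return None  # scheme with no credentials, or an empty value
    return parts[0], parts[1]


def scheme_matches_one_sided(header, configured_scheme):
    # Behaviour described in the issue: only the request side is uppercased,
    # so a configured scheme of 'Bearer' can never equal 'BEARER'.
    parsed = split_authorization(header)
    if parsed is None:
        return False
    return parsed[0].upper() == configured_scheme


def scheme_matches_normalised(header, configured_scheme):
    # Normalise both sides. HTTP auth scheme names are case-insensitive
    # (RFC 7235, section 2.1), so this does not loosen the check.
    parsed = split_authorization(header)
    if parsed is None:
        return False
    return parsed[0].upper() == configured_scheme.upper()


# Constructed sample header values (the token is a placeholder).
SAMPLE_HEADERS = [
    'Bearer token="..."',
    'bearer token="..."',
    'BEARER token="..."',
]


def results(check, configured_scheme):
    """Run one check over every sample header for a configured scheme."""
    return [check(h, configured_scheme) for h in SAMPLE_HEADERS]


if __name__ == "__main__":
    for scheme in ("Bearer", "BEARER"):
        print(scheme, "one-sided: ", results(scheme_matches_one_sided, scheme))
        print(scheme, "normalised:", results(scheme_matches_normalised, scheme))
```

A regression test for a fix of this kind should cover the configured scheme in mixed case as well as a different scheme, which must still be rejected.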