Merge branch 'main' into pr820

codecov · Sep 12, 2024 · 5ab7aec · 5ab7aec
2 parents 1cb9690 + 177d212
commit 5ab7aec
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 1 deletion.
diff --git a/codecov_auth/authentication/__init__.py b/codecov_auth/authentication/__init__.py
@@ -1,6 +1,7 @@
 import logging
 
 from django.conf import settings
+from django.core.exceptions import ValidationError
 from django.utils import timezone
 from rest_framework import authentication, exceptions
 
@@ -28,7 +29,7 @@ def authenticate(self, request):
     def authenticate_credentials(self, token):
         try:
             token = UserToken.objects.select_related("owner").get(token=token)
-        except UserToken.DoesNotExist:
+        except (UserToken.DoesNotExist, ValidationError):
             raise exceptions.AuthenticationFailed("Invalid token.")
 
         if token.valid_until is not None and token.valid_until <= timezone.now():

diff --git a/codecov_auth/tests/unit/test_authentication.py b/codecov_auth/tests/unit/test_authentication.py
@@ -54,6 +54,13 @@ def test_bearer_token_auth_invalid_token(self):
         with pytest.raises(AuthenticationFailed):
             authenticator.authenticate(request)
 
+    def test_token_not_uuid(self):
+        request_factory = APIRequestFactory()
+        request = request_factory.get("", HTTP_AUTHORIZATION="Bearer hello_world")
+        authenticator = UserTokenAuthentication()
+        with pytest.raises(AuthenticationFailed):
+            authenticator.authenticate(request)
+
     def test_bearer_token_auth_expired_token(self):
         user_token = UserTokenFactory(valid_until=datetime.now() - timedelta(seconds=1))