Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fixed Handled error in OAuth2ExtraTokenMiddleware when authheader has Bearer with no token-string following up #1502

Open
wants to merge 10 commits into
base: master
Choose a base branch
from
Open

Fixed Handled error in OAuth2ExtraTokenMiddleware when authheader has Bearer with no token-string following up #1502

wants to merge 10 commits into from

Conversation

Tuhin-thinks
Copy link

Fixed the crash in application while using OAuth2ExtraTokenMiddleware. When Bearer token passed is empty.
Authorization: Bearer would result in this crash.

Fixes #1496

Description of the Change

Checklist

  • PR only contains one change (considered splitting up PR)
  • unit-test added
  • documentation updated
  • CHANGELOG.md updated (only for user relevant changes)
  • author name in AUTHORS

@n2ygk n2ygk added this to the Release 3.1.0 milestone Sep 22, 2024
@n2ygk n2ygk force-pushed the bug/1496/unhandled-empty-bearer-token-exception branch from 3efa9a5 to f87c5f4 Compare September 22, 2024 17:56
n2ygk
n2ygk requested changes Sep 22, 2024
View reviewed changes
Copy link
Member

@n2ygk n2ygk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for this fix. Please also add a test case in tests/test_auth_backends.py to assure full code coverage.

oauth2_provider/middleware.py Outdated
Comment on lines 55 to 56
if authheader.startswith("Bearer") and len(authheader.split(maxsplit=1)) == 2:
tokenstring = authheader.split(maxsplit=1)[1]
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I suggest not calling split() twice:

Suggested change
if authheader.startswith("Bearer") and len(authheader.split(maxsplit=1)) == 2:
tokenstring = authheader.split(maxsplit=1)[1]
splits = autheader.split(maxsplit=1)
if authheader.startswith("Bearer") and len(splits) == 2:
tokenstring = splits[1]

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for your suggestion, I will make the changes by today!

Tuhin-thinks and others added 7 commits October 2, 2024 23:24
@Tuhin-thinks
Merge branch 'master' into bug/1496/unhandled-empty-bearer-token-exce…
f209f10 
…ption
@pre-commit-ci @Tuhin-thinks
[pre-commit.ci] pre-commit autoupdate (jazzband#1504)
6465b1d 
updates:
- [github.com/astral-sh/ruff-pre-commit: v0.6.5 → v0.6.7](astral-sh/ruff-pre-commit@v0.6.5...v0.6.7)

Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>
@dependabot @Tuhin-thinks
Bump rollup from 4.21.3 to 4.22.4 in /tests/app/rp (jazzband#1505)
574208b
@pre-commit-ci @Tuhin-thinks
[pre-commit.ci] pre-commit autoupdate (jazzband#1509)
63df0ae 
updates:
- [github.com/astral-sh/ruff-pre-commit: v0.6.7 → v0.6.8](astral-sh/ruff-pre-commit@v0.6.7...v0.6.8)

Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>
@dopry @Tuhin-thinks
feat: allowed_origins and redirect_uris wildcards (jazzband#1508)
3f9795d
@Tuhin-thinks
Merge branch 'bug/1496/unhandled-empty-bearer-token-exception' of htt…
ac5aacd 
…ps://github.com/Tuhin-thinks/django-oauth-toolkit into bug/1496/unhandled-empty-bearer-token-exception
@Tuhin-thinks
changed middleware.py to optimize usage of variables.
d7ff603
@dopry
Copy link
Contributor

dopry commented Oct 4, 2024

@Tuhin-thinks this looks good. I think the last task to get this merge ready is the test.

@Tuhin-thinks
Copy link
Author

@dopry Thanks, I am getting them ready.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@n2ygk n2ygk n2ygk requested changes

Requested changes must be addressed to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
Release 3.1.0
Development

Successfully merging this pull request may close these issues.

Empty Bearer token results in unhandled exception
3 participants
@Tuhin-thinks @dopry @n2ygk