From 0a51aacefe7afe91fa3bf5e766e1975bf6d272ff Mon Sep 17 00:00:00 2001 From: pini-gh Date: Fri, 19 Feb 2021 00:26:26 +0100 Subject: [PATCH] API token: support any casing for 'Bearer' (#343) * API token: support any casing for 'Bearer' Fixes singularityhub/sregistry#342 * running black formatting, version bump Signed-off-by: vsoch Co-authored-by: vsoch --- CHANGELOG.md | 1 + VERSION | 2 +- shub/apps/library/views/helpers.py | 9 ++++++--- 3 files changed, 8 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 35e2d3f5..f035bc45 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -12,6 +12,7 @@ represented by the pull requests that fixed them. Critical items to know are: ## [master](https://github.com/singularityhub/sregistry/tree/master) (master) + - allowing for Bearer token to have any casing (1.1.31) - adding minio environment file to https docker-compose (1.1.3) - enforcing usernames to be all lowercase (1.1.29) - Added ability to specify Minio direct download from interface (1.1.28) diff --git a/VERSION b/VERSION index 781dcb07..c1847bf9 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.1.3 +1.1.31 diff --git a/shub/apps/library/views/helpers.py b/shub/apps/library/views/helpers.py index c5b4100f..956bcd21 100644 --- a/shub/apps/library/views/helpers.py +++ b/shub/apps/library/views/helpers.py @@ -31,8 +31,9 @@ def validate_token(request): token = request.META.get("HTTP_AUTHORIZATION") if token: try: - token = token.split(" ")[-1] # Get rid of BEARER or Bearer - Token.objects.get(key=token.strip()) + Token.objects.get( + key=re.sub("bearer", "", token, flags=re.IGNORECASE).strip() + ) return True except Token.DoesNotExist: pass @@ -48,7 +49,9 @@ def get_token(request): if token: try: - return Token.objects.get(key=token.replace("BEARER", "").strip()) + return Token.objects.get( + key=re.sub("bearer", "", token, flags=re.IGNORECASE).strip() + ) except Token.DoesNotExist: pass