From 5f3ccbd690f9bcf44140949c20eedf90f2bd831c Mon Sep 17 00:00:00 2001
From: "Andres D. Molins"
Date: Wed, 28 Feb 2024 15:54:49 +0100
Subject: [PATCH] Fix: Check request token exists before compare it to secret token of app.
---
 src/aleph/vm/orchestrator/views/__init__.py | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/src/aleph/vm/orchestrator/views/__init__.py b/src/aleph/vm/orchestrator/views/__init__.py
index a60423605..91ad43340 100644
--- a/src/aleph/vm/orchestrator/views/__init__.py
+++ b/src/aleph/vm/orchestrator/views/__init__.py
@@ -114,10 +114,12 @@ def authenticate_request(request: web.Request) -> None:
 @cors_allow_all
 async def about_login(request: web.Request) -> web.Response:
- token = request.query.get("token")
- if compare_digest(token, request.app["secret_token"]):
+ secret_token = request.app["secret_token"]
+ request_token = request.query.get("token")
+
+ if request_token and secret_token and compare_digest(request_token, secret_token):
 response = web.HTTPFound("/about/config")
- response.cookies["token"] = token
+ response.cookies["token"] = request_token
 return response
 else:
 return web.json_response({"success": False}, status=401)
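Review bot: A `token` query value containing non-ASCII characters still reaches `compare_digest` in the new condition of `about_login`. Assuming this is the standard-library `hmac`/`secrets` function (its import is outside the hunk), it raises TypeError for non-ASCII `str` arguments, so an unauthenticated request can still get a 500 instead of the 401. If both values are `str`, comparing bytes closes that path: `if request_token and secret_token and compare_digest(request_token.encode(), secret_token.encode()):`. Separately, `response.cookies["token"] = request_token` puts the app secret in a cookie with no attributes. `response.set_cookie("token", request_token, httponly=True, samesite="Strict")`, plus `secure=True` where the endpoint is served over HTTPS, would keep it away from page scripts and cross-site requests, which matters more on a handler decorated with `@cors_allow_all`.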