Skip to content

Commit

Permalink
handle extra spaces in api key auth line (#2150)
Browse files Browse the repository at this point in the history
  • Loading branch information
sastels authored Mar 26, 2024
1 parent 8779e34 commit 6767588
Show file tree
Hide file tree
Showing 2 changed files with 9 additions and 1 deletion.
2 changes: 1 addition & 1 deletion app/authentication/auth.py
Original file line number Diff line number Diff line change
Expand Up @@ -63,7 +63,7 @@ def get_auth_token(req):
for el in AUTH_TYPES:
scheme, auth_type, _ = el
if auth_header.lower().startswith(scheme.lower()):
token = auth_header[len(scheme) + 1 :]
token = auth_header[len(scheme) + 1 :].strip()
return auth_type, token

raise AuthError(
Expand Down
8 changes: 8 additions & 0 deletions tests/app/authentication/test_authentication.py
Original file line number Diff line number Diff line change
Expand Up @@ -141,6 +141,14 @@ def test_should_allow_auth_with_api_key_scheme(client, sample_api_key, scheme):
assert response.status_code == 200


def test_should_allow_auth_with_api_key_scheme_and_extra_spaces(client, sample_api_key):
api_key_secret = get_unsigned_secret(sample_api_key.id)
unsigned_secret = f"gcntfy-keyname-{sample_api_key.service_id}-{api_key_secret}"
response = client.get("/notifications", headers={"Authorization": f"ApiKey-v1 {unsigned_secret}"})

assert response.status_code == 200


def test_should_NOT_allow_auth_with_api_key_scheme_with_incorrect_format(client, sample_api_key):
api_key_secret = "fhsdkjhfdsfhsd" + get_unsigned_secret(sample_api_key.id)

Expand Down

0 comments on commit 6767588

Please sign in to comment.