From 314e4da6205d905a24509ff25793f2368ebd8a7c Mon Sep 17 00:00:00 2001
From: Tanner Collin
Date: Thu, 27 Feb 2020 23:06:23 +0000
Subject: [PATCH] Require "Bearer" to be on custom auth tokens
---
 apiserver/apiserver/api/views.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/apiserver/apiserver/api/views.py b/apiserver/apiserver/api/views.py
index f05d341..3f9af50 100644
--- a/apiserver/apiserver/api/views.py
+++ b/apiserver/apiserver/api/views.py
@@ -318,7 +318,7 @@ class PingView(views.APIView):
 class DoorViewSet(viewsets.ViewSet, List):
 def list(self, request):
 auth_token = request.META.get('HTTP_AUTHORIZATION', '')
- if auth_token != secrets.DOOR_API_TOKEN:
+ if auth_token != 'Bearer ' + secrets.DOOR_API_TOKEN:
 raise exceptions.PermissionDenied()
 cards = models.Card.objects.filter(active_status='card_active')
@@ -385,6 +385,7 @@ class StatsViewSet(viewsets.ViewSet, List):
 class BackupView(views.APIView):
 def get(self, request):
 auth_token = request.META.get('HTTP_AUTHORIZATION', '')
+ auth_token = auth_token.replace('Bearer ', '')
 backup_user = secrets.BACKUP_TOKENS.get(auth_token, None)
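Review bot: In DoorViewSet.list the header is still compared to the secret with `!=`, which is not a constant-time comparison and can reveal through response timing how much of the expected value matched. Use `hmac.compare_digest` on bytes instead, e.g. `if not hmac.compare_digest(auth_token.encode(), ('Bearer ' + secrets.DOOR_API_TOKEN).encode()):`; this needs `import hmac` in the file's import block, which is outside the hunk. It is also worth confirming that DOOR_API_TOKEN can never be empty, because then a header of just `Bearer ` would be accepted. The body of list() continues past the end of the hunk.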
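Review bot: In BackupView.get, `auth_token.replace('Bearer ', '')` does not actually require the prefix: a header carrying the bare token still looks up successfully, and `replace` removes the substring anywhere in the value rather than only at the start. That leaves this view weaker than the commit title states and inconsistent with the check in DoorViewSet.list. Reject a missing prefix before stripping it: `if not auth_token.startswith('Bearer '):` / `raise exceptions.PermissionDenied()` / `auth_token = auth_token[len('Bearer '):]`. The rest of get() is outside the hunk, so how a `None` backup_user is handled cannot be checked from here.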