tanner/spaceport
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Require "Bearer" to be on custom auth tokens

Browse Source
This commit is contained in:
Tanner Collin
2020-02-27 23:06:23 +00:00
parent 4a117eff83
commit 314e4da620
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
apiserver/apiserver/api/views.py
View File

@@ -318,7 +318,7 @@ class PingView(views.APIView):
class DoorViewSet(viewsets.ViewSet, List):
def list(self, request):
auth_token = request.META.get('HTTP_AUTHORIZATION', '')
if auth_token != secrets.DOOR_API_TOKEN:
if auth_token != 'Bearer ' + secrets.DOOR_API_TOKEN:
raise exceptions.PermissionDenied()
cards = models.Card.objects.filter(active_status='card_active')
@@ -385,6 +385,7 @@ class StatsViewSet(viewsets.ViewSet, List):
class BackupView(views.APIView):
def get(self, request):
auth_token = request.META.get('HTTP_AUTHORIZATION', '')
auth_token = auth_token.replace('Bearer ', '')
backup_user = secrets.BACKUP_TOKENS.get(auth_token, None)