Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix: Return 401 for API request with Invalid Authorization #3663

Closed
wants to merge 9 commits into from
Closed

Fix: Return 401 for API request with Invalid Authorization #3663

Changes from 2 commits
Commits
Show all changes
9 commits
Select commit Hold shift + click to select a range
606d6c4
Fix: Change API behavior to return 401 Unauthorized instead of 403 Fo…
carlosm22700 Jan 15, 2024
8371936
change HEADERS to headers to align with drf
carlosm22700 Jan 15, 2024
d84d972
revert changes and refactor to follow DRF best practices
carlosm22700 Feb 9, 2024
6269210
remove uneeded import
carlosm22700 Feb 9, 2024
daf8d04
Merge branch 'main' into api-authentication-fix
dhruvkb Feb 9, 2024
48b9c92
Fix import order
dhruvkb Feb 9, 2024
8c2a9f7
Fix: Return 401 for API request with Invalid Authorizatio by implemen…
carlosm22700 Feb 18, 2024
fd01898
fix: return 401 when authorization is invalid when including header b…
carlosm22700 Feb 18, 2024
6fdad97
Restore deleted middleware for logging purposes.
carlosm22700 Feb 23, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 4 additions & 4 deletions api/api/views/oauth2_views.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@
from rest_framework.response import Response
from rest_framework.reverse import reverse
from rest_framework.views import APIView
from rest_framework.exceptions import AuthenticationFailed

from drf_spectacular.utils import extend_schema
from oauth2_provider.generators import generate_client_secret
Expand Down Expand Up @@ -173,15 +174,14 @@ def get(self, request, format=None):
> token has expired.
"""

# TODO: Replace 403 responses with DRF `authentication_classes`.
if not request.auth:
return Response(status=403, data="Forbidden")
if "Authorization" in request.headers and not request.auth:
raise AuthenticationFailed(detail="Invalid credentials")

access_token = str(request.auth)
client_id, rate_limit_model, verified = get_token_info(access_token)

if not client_id:
return Response(status=403, data="Forbidden")
raise AuthenticationFailed(detail="Invalid credentials")

throttle_type = rate_limit_model
throttle_key = "throttle_{scope}_{client_id}"
Expand Down
Loading