[rc] 0.6.25-rc0

2023-02-08 12:53:32 +01:00 · 2023-02-08 12:53:32 +01:00 · e5c25ede1f
parent b4c37ea999
commit e5c25ede1f
4 changed files with 15 additions and 4 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -1,5 +1,9 @@
 # HalfAPI

+## 0.6.25
+
+- Deletes the "Authorization" cookie on authentication error
+
 ## 0.6.24

 - Uses the "Authorization" cookie to read authentication token additionnaly to the "Authorization" header
--- a/halfapi/init.py
+++ b/halfapi/init.py
@ -1,5 +1,5 @@
 #!/usr/bin/env python3
-__version__ = '0.6.24'
+__version__ = '0.6.25-rc0'

 def version():
    return f'HalfAPI version:{__version__}'
--- a/halfapi/halfapi.py
+++ b/halfapi/halfapi.py
@ -32,7 +32,7 @@ from timing_asgi.integrations import StarletteScopeToName
 from .lib.constants import API_SCHEMA_DICT
 from .lib.domain_middleware import DomainMiddleware
 from .lib.timing import HTimingClient
-from .lib.jwt_middleware import JWTAuthenticationBackend
+from .lib.jwt_middleware import JWTAuthenticationBackend, on_auth_error
 from .lib.responses import (ORJSONResponse, UnauthorizedResponse,
    NotFoundResponse, InternalServerErrorResponse, NotImplementedResponse,
    ServiceUnavailableResponse, gen_exception_route)
@ -141,7 +141,8 @@ class HalfAPI(Starlette):
        if SECRET:
            self.add_middleware(
                AuthenticationMiddleware,
-                backend=JWTAuthenticationBackend()
+                backend=JWTAuthenticationBackend(),
+                on_error=on_auth_error
            )

        if not PRODUCTION:
--- a/halfapi/lib/jwt_middleware.py
+++ b/halfapi/lib/jwt_middleware.py
@ -19,12 +19,13 @@ import jwt
 from starlette.authentication import (
    AuthenticationBackend, AuthenticationError, BaseUser, AuthCredentials,
    UnauthenticatedUser)
-from starlette.requests import HTTPConnection
+from starlette.requests import HTTPConnection, Request
 from starlette.exceptions import HTTPException

 from .user import CheckUser, JWTUser, Nobody
 from ..logging import logger
 from ..conf import CONFIG
+from ..lib.responses import ORJSONResponse

 SECRET=None

@ -44,6 +45,11 @@ def cookies_from_scope(scope):
    simple_cookie.load(cookie.decode("utf8"))
    return {key: morsel.value for key, morsel in simple_cookie.items()}

+def on_auth_error(request: Request, exc: Exception):
+    response = ORJSONResponse({"error": str(exc)}, status_code=401)
+    response.delete_cookie('Authorization')
+    return response
+
 class JWTAuthenticationBackend(AuthenticationBackend):
    def __init__(self, secret_key: str = SECRET,
        algorithm: str = 'HS256', prefix: str = 'JWT'):