[rc] 0.6.25-rc0

Maxime Alves LIRMM 2023-02-08 12:53:32 +01:00
parent b4c37ea999
commit e5c25ede1f
4 changed files with 15 additions and 4 deletions


@ -1,5 +1,9 @@
# HalfAPI
## 0.6.25
- Deletes the "Authorization" cookie on authentication error
## 0.6.24
- Uses the "Authorization" cookie to read authentication token additionnaly to the "Authorization" header


@ -1,5 +1,5 @@
#!/usr/bin/env python3
__version__ = '0.6.24'
__version__ = '0.6.25-rc0'
def version():
return f'HalfAPI version:{__version__}'


@ -32,7 +32,7 @@ from timing_asgi.integrations import StarletteScopeToName
from .lib.constants import API_SCHEMA_DICT
from .lib.domain_middleware import DomainMiddleware
from .lib.timing import HTimingClient
from .lib.jwt_middleware import JWTAuthenticationBackend
from .lib.jwt_middleware import JWTAuthenticationBackend, on_auth_error
from .lib.responses import (ORJSONResponse, UnauthorizedResponse,
NotFoundResponse, InternalServerErrorResponse, NotImplementedResponse,
ServiceUnavailableResponse, gen_exception_route)
@ -141,7 +141,8 @@ class HalfAPI(Starlette):
if SECRET:
self.add_middleware(
AuthenticationMiddleware,
backend=JWTAuthenticationBackend()
backend=JWTAuthenticationBackend(),
on_error=on_auth_error
)
if not PRODUCTION:


@ -19,12 +19,13 @@ import jwt
from starlette.authentication import (
AuthenticationBackend, AuthenticationError, BaseUser, AuthCredentials,
UnauthenticatedUser)
from starlette.requests import HTTPConnection
from starlette.requests import HTTPConnection, Request
from starlette.exceptions import HTTPException
from .user import CheckUser, JWTUser, Nobody
from ..logging import logger
from ..conf import CONFIG
from ..lib.responses import ORJSONResponse
SECRET=None
@ -44,6 +45,11 @@ def cookies_from_scope(scope):
simple_cookie.load(cookie.decode("utf8"))
return {key: morsel.value for key, morsel in simple_cookie.items()}
def on_auth_error(request: Request, exc: Exception):
response = ORJSONResponse({"error": str(exc)}, status_code=401)
response.delete_cookie('Authorization')
return response
class JWTAuthenticationBackend(AuthenticationBackend):
def __init__(self, secret_key: str = SECRET,
algorithm: str = 'HS256', prefix: str = 'JWT'):
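Review bot: `on_auth_error` puts `str(exc)` straight into the 401 body, so whatever text the backend attaches to its `AuthenticationError` (the raise sites are outside this hunk) is shown to an unauthenticated client; if those messages carry JWT decoding detail, it would be safer to log the exception with the module's existing `logger` and return a fixed string such as `{"error": "Authentication failed"}`. Also, `response.delete_cookie('Authorization')` uses Starlette's defaults (`path="/"`, no domain), and a browser only drops a cookie when those attributes match the ones it was set with, so this should be checked against the code that sets the cookie, which is not visible here. The first parameter is annotated `Request`, but Starlette's `AuthenticationMiddleware` passes an `HTTPConnection` to `on_error`; `def on_auth_error(request: HTTPConnection, exc: Exception):` matches that and makes the new `Request` import unnecessary. A one-line docstring saying the handler answers 401 and clears the cookie would help, since the function is imported from another module.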