Merge pull request #235 from eclecticiq/taxii2-raise-unauth

Taxii2 raise unauth
eclecticiq · Jul 11, 2022 · 7f58505 · 7f58505
2 parents 0ff2d9c + 54422a3
commit 7f58505
Show file tree

Hide file tree

Showing 4 changed files with 17 additions and 1 deletion.
diff --git a/CHANGES.rst b/CHANGES.rst
@@ -1,6 +1,10 @@
 Changelog
 =========
 
+0.9.1 (2022-07-11)
+------------------
+* Implement `raise_unauthorized` for taxii2, this was missing and lead to 500 errors.
+
 0.9.0 (2022-06-13)
 ------------------
 * Allow custom properties. This can be disabled by config option ``allow_custom_properties``

diff --git a/opentaxii/_version.py b/opentaxii/_version.py
@@ -3,4 +3,4 @@
 This module defines the package version for use in __init__.py and setup.py.
 """
 
-__version__ = '0.9.0'
+__version__ = '0.9.1'
diff --git a/opentaxii/server.py b/opentaxii/server.py
@@ -417,6 +417,12 @@ def handle_validation_exception(self, error):
         }
         return make_taxii2_response(response, status=400)
 
+    def raise_unauthorized(self):
+        """
+        Handle unauthorized access.
+        """
+        raise Unauthorized()
+
     def get_endpoint(self, relative_path: str) -> Optional[Callable[[], Response]]:
         endpoint = None
         for regex, handler in self.ENDPOINT_MAPPING:

diff --git a/tests/test_auth.py b/tests/test_auth.py
@@ -510,3 +510,9 @@ def prepare_inbox_message(version, blocks=None, dest_collection=None):
     else:
         raise ValueError('Unknown TAXII message version: %s' % version)
     return inbox_message
+
+
+def test_broken_bearer_token_taxii2(client):
+    headers = {HTTP_AUTHORIZATION: "Bearer broken"}
+    response = client.get("/taxii2/", headers=headers)
+    assert response.status_code == 401