make sure bearer and basic auth policies explicitly look at diff auth

plone · Nov 23, 2016 · 5914ecb · 5914ecb
1 parent 87cdb0e
commit 5914ecb
Showing 1 changed file with 5 additions and 5 deletions.
diff --git a/src/plone.server/plone/server/auth/policies.py b/src/plone.server/plone/server/auth/policies.py
@@ -21,9 +21,9 @@ async def extract_token(self):
         header_auth = self.request.headers.get('AUTHORIZATION')
         if header_auth is not None:
             schema, _, encoded_token = header_auth.partition(' ')
-            if schema.lower() == 'basic' or schema.lower() == 'bearer':
+            if schema.lower() == 'bearer':
                 return {
-                    'password': encoded_token
+                    'password': encoded_token.strip()
                 }
 
 
@@ -45,11 +45,11 @@ async def extract_token(self):
         header_auth = self.request.headers.get('AUTHORIZATION')
         if header_auth is not None:
             schema, _, encoded_token = header_auth.partition(' ')
-            if schema.lower() == 'basic' or schema.lower() == 'bearer':
+            if schema.lower() == 'basic':
                 userid, _, password = encoded_token.partition(':')
                 return {
-                    'id': userid,
-                    'password': password
+                    'id': userid.strip(),
+                    'password': password.strip()
                 }