Skip to content

Commit

Permalink
add support back for using basic auth with API v2
Browse files Browse the repository at this point in the history
  • Loading branch information
@OmgImAlexis
OmgImAlexis committed Jan 4, 2017
1 parent a1fa504 commit 9fcd907
Showing 1 changed file with 13 additions and 6 deletions.
19 changes: 13 additions & 6 deletions medusa/server/api/v2/base.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@
from datetime import datetime
from babelfish.language import Language
import jwt
import base64

from six import text_type
from tornado.web import RequestHandler
Expand All @@ -23,12 +24,18 @@ def prepare(self):
token = ''
api_key = ''
if self.request.headers.get('Authorization'):
try:
token = jwt.decode(self.request.headers.get('Authorization').replace('Bearer ', ''), app.ENCRYPTION_SECRET, algorithms=['HS256'])
except jwt.ExpiredSignatureError:
self.api_finish(status=401, error='Token has expired.')
except jwt.DecodeError:
self.api_finish(status=401, error='Invalid token.')
if self.request.headers.get('Authorization').startswith('Bearer'):
try:
token = jwt.decode(self.request.headers.get('Authorization').replace('Bearer ', ''), app.ENCRYPTION_SECRET, algorithms=['HS256'])
except jwt.ExpiredSignatureError:
self.api_finish(status=401, error='Token has expired.')
except jwt.DecodeError:
self.api_finish(status=401, error='Invalid token.')
if self.request.headers.get('Authorization').startswith('Basic'):
auth_decoded = base64.decodestring(self.request.headers.get('Authorization')[6:])
username, password = auth_decoded.split(':', 2)
if username != app.WEB_USERNAME or password != app.WEB_PASSWORD:
self.api_finish(status=401, error='Invalid user/pass.')

if self.get_argument('api_key', default='') and self.get_argument('api_key', default='') == app.API_KEY:
api_key = self.get_argument('api_key', default='')
Expand Down

0 comments on commit 9fcd907

Please sign in to comment.