Fix bug when user doesn't provide auth type

scitran · Feb 16, 2017 · ba2da70 · ba2da70
1 parent 7c6963a
commit ba2da70
Showing 1 changed file with 7 additions and 2 deletions.
diff --git a/api/web/base.py b/api/web/base.py
@@ -132,7 +132,12 @@ def authenticate_user_token(self, access_token):
             uid = cached_token['uid']
             self.request.logger.debug('looked up cached token in %dms', ((datetime.datetime.utcnow() - timestamp).total_seconds() * 1000.))
         else:
-            auth_type, token = access_token.split(' ', 1)
+            try:
+                auth_type, token = access_token.split(' ', 1)
+            except ValueError:
+                # If token is not cached, user must provide auth type in header
+                self.abort(401, 'Auth type not provided with token')
+
             uid = self.validate_oauth_token(auth_type, token, timestamp)
             self.request.logger.debug('looked up remote token in %dms', ((datetime.datetime.utcnow() - timestamp).total_seconds() * 1000.))
 
@@ -142,7 +147,7 @@ def authenticate_user_token(self, access_token):
                 'timestamp': timestamp,
                 'auth_type': auth_type
             }
-            dbutil.fault_tolerant_replace_one('authtokens', {'_id': access_token}, update, upsert=False)
+            dbutil.fault_tolerant_replace_one('authtokens', {'_id': token}, update, upsert=True)
 
         return uid