2525from django .shortcuts import render
2626from django .utils import translation
2727from django .utils .cache import patch_vary_headers
28+ from django .utils .crypto import constant_time_compare
2829from django .utils .deprecation import MiddlewareMixin
2930from django .utils .log import log_response
3031from django .utils .translation import gettext as _
@@ -704,7 +705,10 @@ def validate_scim_bearer_token(request: HttpRequest) -> Optional[SCIMClient]:
704705 assert valid_bearer_token
705706 assert scim_client_name
706707
707- if request .headers .get ("Authorization" ) != f"Bearer { valid_bearer_token } " :
708+ authorization = request .headers .get ("Authorization" )
709+ if authorization is None or not constant_time_compare (
710+ authorization , f"Bearer { valid_bearer_token } "
711+ ):
708712 return None
709713
710714 request_notes = RequestNotes .get_notes (request )
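Review bot: The new constant-time check compares against `f"Bearer {valid_bearer_token}"`, but the only visible guarantee that the token is set is the `assert valid_bearer_token` two lines above it, and `assert` statements are stripped when Python runs with `-O`. In that mode an unset value would be formatted into the expected string (for example `Bearer None`) and the comparison would stop failing closed. I would replace both asserts with an explicit check that raises, e.g. `if not valid_bearer_token or not scim_client_name: raise ImproperlyConfigured("SCIM bearer token and client name must be configured")`, importing `ImproperlyConfigured` from `django.core.exceptions` if the module does not already have it. The function starts above this hunk, so how `valid_bearer_token` is obtained is not visible here; if an earlier line already enforces this, a short comment saying so next to the comparison would be enough.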