Mirror/robosats
1
0
Fork 0
mirror of https://github.com/RoboSats/robosats.git synced 2025-01-18 12:11:35 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Return json output instead of html when wrong token in Header Authorization (#1247)

Browse Source 
fix #1246

Return a JsonResponse instead of raising AuthenticationFailed
Exception that is turned into the general html error by django.

rest_framework.response.Response should not be used in middleware,
will return django.template.response.ContentNotRenderedError.
This commit is contained in:
jerry 2024-04-29 23:08:46 +00:00 committed by GitHub
parent c623a38574
commit c3d1cd2472
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 12 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
robosats/middleware.py
View File

@ -8,8 +8,8 @@ from django.conf import settings
from django.contrib.auth.models import AnonymousUser, User, update_last_login from django.contrib.auth.models import AnonymousUser, User, update_last_login
from django.utils import timezone from django.utils import timezone
from django.utils.deprecation import MiddlewareMixin from django.utils.deprecation import MiddlewareMixin
from django.http import JsonResponse
from rest_framework.authtoken.models import Token from rest_framework.authtoken.models import Token
from rest_framework.exceptions import AuthenticationFailed
from robohash import Robohash from robohash import Robohash
from api.nick_generator.nick_generator import NickGenerator from api.nick_generator.nick_generator import NickGenerator
@ -79,8 +79,11 @@ class RobotTokenSHA256AuthenticationMiddleWare:
return response return response
if not is_valid_token(token_sha256_b91): if not is_valid_token(token_sha256_b91):
raise AuthenticationFailed( return JsonResponse(
"Robot token SHA256 was provided in the header. However it is not a valid 39 or 40 characters Base91 string." {
"bad_request": "Robot token SHA256 was provided in the header. However it is not a valid 39 or 40 characters Base91 string."
},
status=400,
) )
# Check if it is an existing robot. # Check if it is an existing robot.
@ -123,8 +126,11 @@ class RobotTokenSHA256AuthenticationMiddleWare:
encrypted_private_key = request.COOKIES.get("encrypted_private_key", "") encrypted_private_key = request.COOKIES.get("encrypted_private_key", "")
if not public_key or not encrypted_private_key: if not public_key or not encrypted_private_key:
raise AuthenticationFailed( return JsonResponse(
"On the first request to a RoboSats coordinator, you must provide as well a valid public and encrypted private PGP keys" {
"bad_request": "On the first request to a RoboSats coordinator, you must provide as well a valid public and encrypted private PGP keys"
},
status=400,
) )
( (
valid, valid,
@ -133,7 +139,7 @@ class RobotTokenSHA256AuthenticationMiddleWare:
encrypted_private_key, encrypted_private_key,
) = validate_pgp_keys(public_key, encrypted_private_key) ) = validate_pgp_keys(public_key, encrypted_private_key)
if not valid: if not valid:
raise AuthenticationFailed(bad_keys_context) return JsonResponse({"bad_request": bad_keys_context}, status=400)
# Hash the token_sha256, only 1 iteration. # Hash the token_sha256, only 1 iteration.
# This is the second SHA256 of the user token, aka RoboSats ID # This is the second SHA256 of the user token, aka RoboSats ID