From f41ec93cbe185d81b5a9867ab1a6dbf475c6e58c Mon Sep 17 00:00:00 2001 From: Joshua Tauberer Date: Fri, 8 Aug 2014 15:36:00 -0400 Subject: [PATCH] management: dont raise an exception on a poorly formatted authentication header --- management/auth.py | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/management/auth.py b/management/auth.py index 80c9fcb1..01b2f8c0 100644 --- a/management/auth.py +++ b/management/auth.py @@ -47,11 +47,16 @@ class KeyAuthService: if header is None: return + if " " not in header: + return scheme, credentials = header.split(maxsplit=1) if scheme != 'Basic': return - username, password = decode(credentials).split(':', maxsplit=1) + credentials = decode(credentials) + if ":" not in credentials: + return + username, password = credentials.split(':', maxsplit=1) return username request_key = parse_api_key(request.headers.get('Authorization'))