[PATCH 1 of 5] auth: do not redirect to login page on invalid API key
Thomas De Schampheleire
patrickdepinguin at gmail.com
Wed Mar 25 07:01:29 EDT 2015
# HG changeset patch
# User Thomas De Schampheleire <thomas.de.schampheleire at gmail.com>
# Date 1427269791 -3600
# Wed Mar 25 08:49:51 2015 +0100
# Node ID c5828585502f1a061f162abe8cbd181c17039843
# Parent 6017996e4dcfda0f5623498a45c51bb184eb67bb
auth: do not redirect to login page on invalid API key
When accessing Kallithea through an API call, providing an API key, it
doesn't make sense to redirect to a login page on failed authentication.
Instead, raise a 401 Unauthorized exception.
The WWW-authenticate header is a mandatory element for 401 Unauthorized, as
specified by RFC 7235. The exact contents do not seem to be important, so
define a custom auth scheme 'APIKEY' with a realm of 'Kallithea'.
diff --git a/kallithea/lib/auth.py b/kallithea/lib/auth.py
--- a/kallithea/lib/auth.py
+++ b/kallithea/lib/auth.py
@@ -58,6 +58,7 @@
get_user_group_slug, conditional_cache
from kallithea.lib.caching_query import FromCache
+from webob.exc import HTTPUnauthorized
log = logging.getLogger(__name__)
@@ -763,6 +764,8 @@
log.debug("API KEY *NOT* present in request")
else:
log.warning("API KEY ****%s *NOT* valid" % _api_key[-4:])
+ headers = [('WWW-Authenticate', 'APIKEY realm="Kallithea"')]
+ raise HTTPUnauthorized(headers=headers)
log.debug('Checking if %s is authenticated @ %s' % (user.username, loc))
reason = 'RegularAuth' if user.is_authenticated else 'APIAuth'
More information about the kallithea-general
mailing list