From 3a732793bb441df78cf65f1f2e95714acc1af5a4 Mon Sep 17 00:00:00 2001
From: mkouremetis
Date: Tue, 26 Sep 2023 16:59:12 -0400
Subject: [PATCH] checking for None type for key value before comparing digest
---
 app/service/auth_svc.py | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/app/service/auth_svc.py b/app/service/auth_svc.py
index 618ba29d1..d3f9a27de 100644
--- a/app/service/auth_svc.py
+++ b/app/service/auth_svc.py
@@ -139,16 +139,16 @@ async def login_redirect(self, request, use_template=True):
 raise e
 def request_has_valid_api_key(self, request):
- api_key = request.headers.get(HEADER_API_KEY)
-
- if api_key is None:
+ request_api_key = request.headers.get(HEADER_API_KEY)
+ if request_api_key is None:
 return False
- if compare_digest(api_key, self.get_config(CONFIG_API_KEY_RED)):
- return True
- if compare_digest(api_key, self.get_config(CONFIG_API_KEY_BLUE)):
- return True
+ for i in [CONFIG_API_KEY_RED, CONFIG_API_KEY_BLUE]:
+ api_key = self.get_config(i)
+ if api_key is not None and compare_digest(request_api_key, api_key):
+ return True
 return False
+
 async def request_has_valid_user_session(self, request):
 return await aiohttp_security_api.authorized_userid(request) is not None
@@ -171,9 +171,9 @@ async def get_permissions(self, request):
 identity = await identity_policy.identify(request)
 if identity in self.user_map:
 return [self.Access[p.upper()] for p in self.user_map[identity].permissions]
- elif request.headers.get('KEY') == self.get_config('api_key_red'):
+ elif request.headers.get(HEADER_API_KEY) == self.get_config(CONFIG_API_KEY_RED):
 return self.Access.RED, self.Access.APP
- elif request.headers.get('KEY') == self.get_config('api_key_blue'):
+ elif request.headers.get(HEADER_API_KEY) == self.get_config(CONFIG_API_KEY_BLUE):
 return self.Access.BLUE, self.Access.APP
 return ()
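Review bot: In `request_has_valid_api_key`, the new `api_key is not None` guard still accepts an empty configured key, so a request whose API-key header is an empty string would compare equal to an empty red or blue key and be treated as authenticated. A truthiness check closes that case: `if api_key and compare_digest(request_api_key, api_key):`. If `compare_digest` is the `hmac`/`secrets` function (its import is outside the hunk), it raises `TypeError` for a `str` with non-ASCII characters or for mismatched argument types, so a malformed header or a non-string config value would surface as an unhandled exception rather than `False`; catching that and returning `False` keeps the failure mode closed. As a point of style, the loop variable `i` holds a config key name, so something like `config_name` would read better.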
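Review bot: The two `elif` branches in `get_permissions` still compare the header to the configured key with `==`, so when the request carries no API-key header and the red key is unset, `None == None` is true and the caller receives `Access.RED, Access.APP`. This is the same None case the commit guards against in `request_has_valid_api_key`, and `==` is also not a constant-time comparison. Whether an unauthenticated request can reach `get_permissions` is not visible here, since the function starts outside the hunk, but the permission lookup should not depend on that. I would reuse the guarded, constant-time comparison here and map each key to its access level, as sketched below.

```python
# … unchanged: identity lookup and the user_map branch …
request_api_key = request.headers.get(HEADER_API_KEY)
if request_api_key:
    for config_name, access in ((CONFIG_API_KEY_RED, self.Access.RED),
                                (CONFIG_API_KEY_BLUE, self.Access.BLUE)):
        api_key = self.get_config(config_name)
        # A missing or empty configured key must never match.
        if api_key and compare_digest(request_api_key, api_key):
            return access, self.Access.APP
return ()
```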