Return 401 when getting an empty bearer token

For example:

Authorization: Bearer

The cause of the empty bearer token (a client sending `Authorization: Bearer` with no value) still needs to be investigated.
Greg Karékinian 2016-07-20 17:27:44 +02:00
parent 14d462be41
commit ad0ea12059
2 changed files with 11 additions and 2 deletions


@ -24,7 +24,7 @@ module RemoteStorage
return true if ["GET", "HEAD"].include?(request_method) && !listing return true if ["GET", "HEAD"].include?(request_method) && !listing
end end
server.halt 401, "Unauthorized" if token.empty? server.halt 401, "Unauthorized" if token.nil? || token.empty?
authorizations = redis.smembers("authorizations:#{user}:#{token}") authorizations = redis.smembers("authorizations:#{user}:#{token}")
permission = directory_permission(authorizations, directory) permission = directory_permission(authorizations, directory)
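Review bot: The new guard on the `server.halt 401, "Unauthorized"` line avoids the `NoMethodError` (and so a 500) that a missing `Authorization` header would have raised on `nil.empty?`, but a whitespace-only token such as `Bearer  ` still passes it, because `" ".empty?` is false, and reaches the redis lookup on the next line. Normalizing first, `server.halt 401, "Unauthorized" if token.to_s.strip.empty?`, rejects nil, empty and blank tokens in one check, and the interpolation into `authorizations:#{user}:#{token}` then never runs with a padding-only suffix (presumably that lookup returns an empty set and is denied later anyway, but failing early is cheaper and clearer). Since the token comes straight from the request header into a redis key, it may also be worth checking it against the expected token format before the lookup, though the extraction happens outside this hunk. Given the description says the cause of the empty bearer is still to be investigated, a debug log of the request path and user agent on this halt (never the token value itself) would help trace it. The enclosing method begins before this hunk.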


@ -280,7 +280,6 @@ describe "App" do
end end
context "not authorized" do context "not authorized" do
describe "with no token" do describe "with no token" do
it "says it's not authorized" do it "says it's not authorized" do
delete "/phil/food/aguacate" delete "/phil/food/aguacate"
@ -290,6 +289,16 @@ describe "App" do
end end
end end
describe "with empty token" do
it "says it's not authorized" do
header "Authorization", "Bearer "
delete "/phil/food/aguacate"
last_response.status.must_equal 401
last_response.body.must_equal "Unauthorized"
end
end
describe "with wrong token" do describe "with wrong token" do
it "says it's not authorized" do it "says it's not authorized" do
header "Authorization", "Bearer wrongtoken" header "Authorization", "Bearer wrongtoken"