From 36a7ff19bcd9b7321f43b4a7ce5ee6e4097f2fc3 Mon Sep 17 00:00:00 2001 From: Rafik Farhad Date: Sat, 21 Feb 2026 16:52:49 -0600 Subject: [PATCH] Fix AttributeError on unauthenticated OPDS requests MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit request_username() is used as flask-limiter's key_func for the OPDS blueprint. The limiter evaluates key_func in a before_request handler, before the route's auth decorator runs. When no Authorization header is present, request.authorization is None, causing an AttributeError and a 500 response instead of the expected 401. Guard against None so unauthenticated requests fall back to an empty string key, allowing the auth decorator to handle the 401 correctly. Fixes #3592 Disclaimer: AI assisted—humans supervised. --- cps/main.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cps/main.py b/cps/main.py index b0f56b6d..cc05bb50 100644 --- a/cps/main.py +++ b/cps/main.py @@ -24,7 +24,7 @@ from flask import request def request_username(): - return request.authorization.username + return request.authorization.username if request.authorization else "" def main():