mirror of
https://github.com/janeczku/calibre-web
synced 2024-12-26 10:00:37 +00:00
fix binascii.Error with reverse proxy bearer token
When an authenticating reverse proxy (e.g. Keycloak Gatekeeper) adds a Bearer token in the Authorization header, every request fails with HTTP status code 500. The corresponding error in the logs is: binascii.Error: Incorrect padding. Despite "reverse_proxy_header_login" is enabled, calibre-web tries first to base64decode the bearer token and fails. This patch just reverses the order in which the authentication methods are checked.
This commit is contained in:
parent
c1e2a98f46
commit
7a608b4fb0
12
cps/web.py
12
cps/web.py
@ -124,12 +124,6 @@ def load_user(user_id):
|
|||||||
|
|
||||||
@lm.request_loader
|
@lm.request_loader
|
||||||
def load_user_from_request(request):
|
def load_user_from_request(request):
|
||||||
auth_header = request.headers.get("Authorization")
|
|
||||||
if auth_header:
|
|
||||||
user = load_user_from_auth_header(auth_header)
|
|
||||||
if user:
|
|
||||||
return user
|
|
||||||
|
|
||||||
if config.config_allow_reverse_proxy_header_login:
|
if config.config_allow_reverse_proxy_header_login:
|
||||||
rp_header_name = config.config_reverse_proxy_login_header_name
|
rp_header_name = config.config_reverse_proxy_login_header_name
|
||||||
if rp_header_name:
|
if rp_header_name:
|
||||||
@ -139,6 +133,12 @@ def load_user_from_request(request):
|
|||||||
if user:
|
if user:
|
||||||
return user
|
return user
|
||||||
|
|
||||||
|
auth_header = request.headers.get("Authorization")
|
||||||
|
if auth_header:
|
||||||
|
user = load_user_from_auth_header(auth_header)
|
||||||
|
if user:
|
||||||
|
return user
|
||||||
|
|
||||||
return
|
return
|
||||||
|
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user