mirrors/calibre-web
1
0
Fork 0
mirror of https://github.com/janeczku/calibre-web synced 2024-12-25 17:40:31 +00:00
Code Issues Releases Wiki Activity

fix binascii.Error with reverse proxy bearer token

Browse Source 
When an authenticating reverse proxy (e.g. Keycloak Gatekeeper) adds a Bearer token in the Authorization header, every request fails with HTTP status code 500.  The corresponding error in the logs is: binascii.Error: Incorrect padding. 
Despite "reverse_proxy_header_login" is enabled, calibre-web tries first to base64decode the bearer token and fails. This patch just reverses the order in which the authentication methods  are checked.
This commit is contained in:
André Frimberger 2020-02-09 17:21:22 +01:00 committed by GitHub
parent c1e2a98f46
commit 7a608b4fb0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 7 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
cps/web.py
View File

@ -123,13 +123,7 @@ def load_user(user_id):
@lm.request_loader @lm.request_loader
def load_user_from_request(request): def load_user_from_request(request):
auth_header = request.headers.get("Authorization")
if auth_header:
user = load_user_from_auth_header(auth_header)
if user:
return user
if config.config_allow_reverse_proxy_header_login: if config.config_allow_reverse_proxy_header_login:
rp_header_name = config.config_reverse_proxy_login_header_name rp_header_name = config.config_reverse_proxy_login_header_name
if rp_header_name: if rp_header_name:
@ -138,6 +132,12 @@ def load_user_from_request(request):
user = _fetch_user_by_name(rp_header_username) user = _fetch_user_by_name(rp_header_username)
if user: if user:
return user return user
auth_header = request.headers.get("Authorization")
if auth_header:
user = load_user_from_auth_header(auth_header)
if user:
return user
return return