author | Tomasz Kramkowski <tomasz@kramkow.ski> | 2023-03-27 18:46:16 +0100 |
---|---|---|
committer | Tomasz Kramkowski <tomasz@kramkow.ski> | 2023-03-27 19:01:15 +0100 |
commit | 35534d46bef472b1d1cb19ee4c5949823053da2a (patch) | |
tree | 2c1fe22593f7a5535ef4177663b9c48f092f70c7 | |
parent | 4a0a47ce23080142b12832b44e6cd56072c50df2 (diff) | |
Respond to auth failures with WWW-Authenticate
-rw-r--r-- | paste/__init__.py | 12 | ||||
-rw-r--r-- | tests/middleware/test_authenticate.py | 3 |
2 files changed, 13 insertions, 2 deletions
diff --git a/paste/__init__.py b/paste/__init__.py
index 2ec00a4..c769997 100644
--- a/paste/__init__.py
+++ b/paste/__init__.py
@@ -36,7 +36,10 @@ DB_PATH = "paste.sqlite3"
 def simple_response(
- start_response: StartResponse, status: str, exc_info: Optional[tuple] = None
+ start_response: StartResponse,
+ status: str,
+ extra_headers: list = list(),
+ exc_info: Optional[tuple] = None,
 ) -> Response:
 body = (status + "\n").encode()
 start_response(
@@ -44,6 +47,7 @@ def simple_response(
 [
 ("Content-Type", "text/plain"),
 ("Content-Length", str(len(body))),
+ *extra_headers,
 ],
 exc_info,
 )
@@ -197,7 +201,11 @@ def authenticate(app: App, environ: Env, start_response: StartResponse) -> Respo
 if environ["REQUEST_METHOD"] in {"GET", "HEAD"} or check_auth():
 return app(environ, start_response)
- return simple_response(start_response, "401 Unauthorized")
+ return simple_response(
+ start_response,
+ "401 Unauthorized",
+ extra_headers=[("WWW-Authenticate", "APIKey")],
+ )
 @catch_exceptions
diff --git a/tests/middleware/test_authenticate.py b/tests/middleware/test_authenticate.py
index 28ccef2..2395316 100644
--- a/tests/middleware/test_authenticate.py
+++ b/tests/middleware/test_authenticate.py
@@ -53,6 +53,7 @@ def test_authenticate_no_header(app, method, monkeypatch):
 assert response.data == b"401 Unauthorized\n"
 assert response.status == "401 Unauthorized"
 assert ("Content-Type", "text/plain") in response.headers
+ assert ("WWW-Authenticate", "APIKey") in response.headers
 @pytest.mark.parametrize("method", ["POST", "PUT", "DELETE"])
@@ -64,6 +65,7 @@ def test_authenticate_malformed_key(app, method, key, monkeypatch):
 assert response.data == b"401 Unauthorized\n"
 assert response.status == "401 Unauthorized"
 assert ("Content-Type", "text/plain") in response.headers
+ assert ("WWW-Authenticate", "APIKey") in response.headers
 @pytest.mark.parametrize("method", ["POST", "PUT", "DELETE"])
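Review bot: Placing `extra_headers` ahead of `exc_info` in the `simple_response` signature changes what the third positional argument means. No such caller is visible in this diff, but any existing call that passes `exc_info` positionally (an exception-handling path would be the likely place) would now have that tuple unpacked into the header list by `*extra_headers` in the next hunk, while `start_response` receives `exc_info=None`. The default `list()` is also a single mutable object created at definition time; it is only unpacked today, but an immutable default removes the trap. Keeping `exc_info` third and making the new parameter keyword-only covers both: `exc_info: Optional[tuple] = None,` followed by `*,` and `extra_headers=(),`. The body of `simple_response` continues outside this hunk.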
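Review bot: The challenge literal in `extra_headers=[("WWW-Authenticate", "APIKey")]` is a custom auth scheme, and nothing in this hunk ties it to the scheme that `check_auth()` accepts from the Authorization header; `check_auth` and the start of `authenticate` are outside the hunk, so this is inferred. If the two strings drift apart, clients receive a challenge they cannot answer, and the tests would still pass because they hard-code the same literal. I would hoist the scheme name into a module-level constant used by both the parser and the challenge, with a comment such as `# Custom scheme; must match the Authorization scheme accepted by check_auth()`.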
@@ -89,6 +91,7 @@ def test_authenticate_check_token_fail(app, method, monkeypatch):
 assert response.data == b"401 Unauthorized\n"
 assert response.status == "401 Unauthorized"
 assert ("Content-Type", "text/plain") in response.headers
+ assert ("WWW-Authenticate", "APIKey") in response.headers
 @pytest.mark.parametrize("method", ["POST", "PUT", "DELETE"]) |