xCAT/confluent
2
0
Fork 0
mirror of https://github.com/xcat2/confluent.git synced 2024-11-26 03:19:48 +00:00
Code Issues Projects Releases Wiki Activity

Fix 500 instead of 401 on bad HTTP authentication

Browse Source 
Code optimistically assumed that authentication would fill out data to
pass to authorization, which does not get filled out if authentication fails.
This commit is contained in:
Jarrod Johnson 2014-07-25 15:40:26 -04:00
parent 1fb8b33c06
commit 291e90afcf
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
confluent_server/confluent/httpapi.py
View File

@ -167,6 +167,8 @@ def _authorize_request(env, operation):
name, passphrase = base64.b64decode(
env['HTTP_AUTHORIZATION'].replace('Basic ', '')).split(':', 1)
authdata = auth.check_user_passphrase(name, passphrase, element=None)
if not authdata:
return {'code': 401}
sessid = util.randomstring(32)
while sessid in httpsessions:
sessid = util.randomstring(32)