From 4cfe9eed793162012e8a2e1c9b4479053571e90c Mon Sep 17 00:00:00 2001
From: Rucha Mahabal
Date: Wed, 11 Sep 2019 01:57:26 +0530
Subject: [PATCH] fix: authentication in handler.py
---
 frappe/frappeclient.py | 26 ++++++++++++++------------
 frappe/handler.py | 2 ++
 2 files changed, 16 insertions(+), 12 deletions(-)
diff --git a/frappe/frappeclient.py b/frappe/frappeclient.py
index e9f3578349..6e7635a238 100644
--- a/frappe/frappeclient.py
+++ b/frappe/frappeclient.py
@@ -24,15 +24,16 @@ class FrappeClient(object):
 self.verify = verify
 self.session = requests.session()
 self.url = url
+ self.api_key = api_key
+ self.api_secret = api_secret
+ self.frappe_authorization_source = frappe_authorization_source
+
+ self.setup_key_authentication_headers()
 # login if username/password provided
 if username and password:
 self._login(username, password)
- # token based authentication if api_key and api_secret provided
- elif api_key and api_secret:
- self.authenticate(api_key, api_secret, frappe_authorization_source)
-
 def __enter__(self):
 return self
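Review bot: In `FrappeClient.__init__` (frappe/frappeclient.py, first hunk) the raw `api_secret` is now kept on the instance, although the visible code only needs it once, to build the `Authorization` header. Anything that dumps the client's attributes (debug logging, error reports, serialisation) would then carry the secret; consider passing the values straight through, `self.setup_key_authentication_headers(api_key, api_secret, frappe_authorization_source)`, and not storing them. With the `elif` removed, a caller who supplies both a password and a key pair now gets both mechanisms applied, so a comment such as `# key headers are set even when username/password login is used` would mark that as intentional. `__init__` begins above the hunk, so its signature and any earlier assignments are not visible here.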
@@ -54,14 +55,15 @@ class FrappeClient(object):
 raise SiteExpiredError
 raise AuthError
- def authenticate(self, api_key, api_secret, frappe_authorization_source=None):
- token = b64encode('{}:{}'. format(api_key, api_secret))
- auth_header = {'Authorization': 'Basic {}'.format(token)}
- self.session.headers.update(auth_header)
- if not frappe_authorization_source:
- frappe_authorization_source = 'User'
- auth_source = {'Frappe-Authorization-Source': frappe_authorization_source}
- self.session.headers.update(auth_source)
+ def setup_key_authentication_headers(self):
+ if self.api_key and self.api_secret:
+ token = b64encode('{}:{}'. format(self.api_key, self.api_secret))
+ auth_header = {'Authorization': 'Basic {}'.format(token)}
+ self.headers.update(auth_header)
+
+ if self.frappe_authorization_source:
+ auth_source = {'Frappe-Authorization-Source': self.frappe_authorization_source}
+ self.headers.update(auth_source)
 def logout(self):
 '''Logout session'''
diff --git a/frappe/handler.py b/frappe/handler.py
index fa570f334d..c0d7d582ff 100755
--- a/frappe/handler.py
+++ b/frappe/handler.py
@@ -8,12 +8,14 @@ import frappe.utils
 import frappe.sessions
 import frappe.desk.form.run_method
 from frappe.utils.response import build_response
+from frappe.api import validate_auth_via_api_keys
 from frappe.utils import cint
 from werkzeug.wrappers import Response
 from six import string_types
 def handle():
 """handle request"""
+ validate_auth_via_api_keys()
 cmd = frappe.local.form_dict.cmd
 data = None
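Review bot: In `setup_key_authentication_headers` (frappe/frappeclient.py, second hunk) `b64encode` is still given a `str`; on Python 3 that raises `TypeError`, and handler.py in this same patch imports `six`, which suggests Python 3 is a supported runtime. Encoding first and decoding the result keeps the header a clean text value on both versions: `token = b64encode('{}:{}'.format(self.api_key, self.api_secret).encode('utf-8')).decode('utf-8')`. The headers now go into `self.headers` instead of `self.session.headers`; `self.headers` is not assigned in the visible hunks, so it is worth confirming that it exists before this call and is passed on every request, otherwise the credentials are never sent. The removed code defaulted `Frappe-Authorization-Source` to `'User'` and the new code omits the header when no source is given, which deserves a line in the docstring the method currently lacks.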
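Review bot: In `handle()` (frappe/handler.py) the result of `validate_auth_via_api_keys()` is discarded and nothing in the hunk shows what happens when the supplied key or secret is wrong; the request should be rejected at that point rather than continue under whatever session was already in place. The function is defined in frappe/api.py, outside this patch, so confirm that it raises on a bad credential and add a test that sends an invalid `Authorization` header to a `cmd` endpoint. The docstring could state the new step, e.g. `"""Authenticate via API key headers if present, then dispatch frappe.local.form_dict.cmd"""`. If frappe/api.py itself imports frappe.handler (not visible here), the new module-level `from frappe.api import validate_auth_via_api_keys` creates an import cycle and would be safer as an import inside `handle()`. The body of `handle()` continues past the end of the hunk.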