fix: remove raised exceptions and fail in validate_auth
This commit is contained in:
Revant Nandgaonkar
parent
1ecb60f1b0
commit
8ea2803fbe
2 changed files with 4 additions and 7 deletions
|
|
@ -22,7 +22,7 @@ import frappe.rate_limiter
|
|||
import frappe.recorder
|
||||
import frappe.utils.response
|
||||
from frappe import _
|
||||
from frappe.auth import SAFE_HTTP_METHODS, UNSAFE_HTTP_METHODS, HTTPRequest, validate_auth, validate_auth_via_hooks
|
||||
from frappe.auth import SAFE_HTTP_METHODS, UNSAFE_HTTP_METHODS, HTTPRequest, validate_auth
|
||||
from frappe.middlewares import StaticDataMiddleware
|
||||
from frappe.utils import CallbackManager, cint, get_site_name
|
||||
from frappe.utils.data import escape_html
|
||||
|
|
@ -94,8 +94,6 @@ def application(request: Request):
|
|||
|
||||
init_request(request)
|
||||
|
||||
validate_auth_via_hooks()
|
||||
|
||||
validate_auth()
|
||||
|
||||
if request.method == "OPTIONS":
|
||||
|
|
|
|||
|
|
@ -573,6 +573,7 @@ def validate_auth():
|
|||
if len(authorization_header) == 2:
|
||||
validate_oauth(authorization_header)
|
||||
validate_auth_via_api_keys(authorization_header)
|
||||
validate_auth_via_hooks()
|
||||
|
||||
# If login via bearer, basic or keypair didn't work then authentication failed and we
|
||||
# should terminate here.
|
||||
|
|
@ -645,7 +646,7 @@ def validate_auth_via_api_keys(authorization_header):
|
|||
frappe.InvalidAuthorizationToken,
|
||||
)
|
||||
except (AttributeError, TypeError, ValueError):
|
||||
raise frappe.AuthenticationError
|
||||
pass
|
||||
|
||||
|
||||
def validate_api_key_secret(api_key, api_secret, frappe_authorization_source=None):
|
||||
|
|
@ -653,7 +654,7 @@ def validate_api_key_secret(api_key, api_secret, frappe_authorization_source=Non
|
|||
doctype = frappe_authorization_source or "User"
|
||||
doc = frappe.db.get_value(doctype=doctype, filters={"api_key": api_key}, fieldname=["name"])
|
||||
if not doc:
|
||||
raise frappe.AuthenticationError
|
||||
return
|
||||
form_dict = frappe.local.form_dict
|
||||
doc_secret = get_decrypted_password(doctype, doc, fieldname="api_secret")
|
||||
if api_secret == doc_secret:
|
||||
|
|
@ -664,8 +665,6 @@ def validate_api_key_secret(api_key, api_secret, frappe_authorization_source=Non
|
|||
if frappe.local.login_manager.user in ("", "Guest"):
|
||||
frappe.set_user(user)
|
||||
frappe.local.form_dict = form_dict
|
||||
else:
|
||||
raise frappe.AuthenticationError
|
||||
|
||||
|
||||
def validate_auth_via_hooks():
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue