jingrow/gunicorn
1
0
Fork 0
mirror of https://github.com/frappe/gunicorn.git synced 2026-01-14 11:09:11 +08:00
Code Issues Packages Projects Releases Wiki Activity

Logging: Handle auth type case insensitively

Browse Source 
According RFC-7617 (inherited from RFC-2978) schema and parameter names are handled
case insensitively:
```
Note that both scheme and parameter names are matched case-
insensitively.
```

Signed-off-by: Martin Bašti <mbasti@redhat.com>
This commit is contained in:
Martin Bašti 2019-07-11 19:01:43 +02:00 committed by Berker Peksag
parent dc7b5d5c48
commit 7e640f804c
2 changed files with 11 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
gunicorn/glogging.py
View File

@ -445,7 +445,7 @@ class Logger(object):
def _get_user(self, environ): def _get_user(self, environ):
user = None user = None
http_auth = environ.get("HTTP_AUTHORIZATION") http_auth = environ.get("HTTP_AUTHORIZATION")
if http_auth and http_auth.startswith('Basic'): if http_auth and http_auth.lower().startswith('basic'):
auth = http_auth.split(" ", 1) auth = http_auth.split(" ", 1)
if len(auth) == 2: if len(auth) == 2:
try: try:

12
tests/test_logger.py
View File

@ -1,6 +1,8 @@
import datetime import datetime
from types import SimpleNamespace from types import SimpleNamespace
import pytest
from gunicorn.config import Config from gunicorn.config import Config
from gunicorn.glogging import Logger from gunicorn.glogging import Logger
@ -47,7 +49,13 @@ def test_atoms_zero_bytes():
assert atoms['B'] == 0 assert atoms['B'] == 0
def test_get_username_from_basic_auth_header(): @pytest.mark.parametrize('auth', [
# auth type is case in-sensitive
'Basic YnJrMHY6',
'basic YnJrMHY6',
'BASIC YnJrMHY6',
])
def test_get_username_from_basic_auth_header(auth):
request = SimpleNamespace(headers=()) request = SimpleNamespace(headers=())
response = SimpleNamespace( response = SimpleNamespace(
status='200', response_length=1024, sent=1024, status='200', response_length=1024, sent=1024,
@ -57,7 +65,7 @@ def test_get_username_from_basic_auth_header():
'REQUEST_METHOD': 'GET', 'RAW_URI': '/my/path?foo=bar', 'REQUEST_METHOD': 'GET', 'RAW_URI': '/my/path?foo=bar',
'PATH_INFO': '/my/path', 'QUERY_STRING': 'foo=bar', 'PATH_INFO': '/my/path', 'QUERY_STRING': 'foo=bar',
'SERVER_PROTOCOL': 'HTTP/1.1', 'SERVER_PROTOCOL': 'HTTP/1.1',
'HTTP_AUTHORIZATION': 'Basic YnJrMHY6', 'HTTP_AUTHORIZATION': auth,
} }
logger = Logger(Config()) logger = Logger(Config())
atoms = logger.atoms(response, request, environ, datetime.timedelta(seconds=1)) atoms = logger.atoms(response, request, environ, datetime.timedelta(seconds=1))