Merge pull request #266 from q3aiml/accept-lowercase-bearer
Accept lowercase "bearer" in Authorization header
commit
bf8a7b6853
3 changed files with 16 additions and 3 deletions
|
@ -9,6 +9,7 @@ Unreleased
|
||||||
==========
|
==========
|
||||||
|
|
||||||
* Added: support introspection on client credentials tokens.
|
* Added: support introspection on client credentials tokens.
|
||||||
|
* Changed: accept lowercase "bearer" in Authorization header.
|
||||||
* Fixed: ScopeClaims class.
|
* Fixed: ScopeClaims class.
|
||||||
* Fixed: code is not zip safe.
|
* Fixed: code is not zip safe.
|
||||||
|
|
||||||
|
|
|
@ -21,7 +21,7 @@ def extract_access_token(request):
|
||||||
"""
|
"""
|
||||||
auth_header = request.META.get('HTTP_AUTHORIZATION', '')
|
auth_header = request.META.get('HTTP_AUTHORIZATION', '')
|
||||||
|
|
||||||
if re.compile('^Bearer\s{1}.+$').match(auth_header):
|
if re.compile('^[Bb]earer\s{1}.+$').match(auth_header):
|
||||||
access_token = auth_header.split()[1]
|
access_token = auth_header.split()[1]
|
||||||
else:
|
else:
|
||||||
access_token = request.GET.get('access_token', '')
|
access_token = request.GET.get('access_token', '')
|
||||||
|
|
|
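Review bot: The scheme check on the `re.compile('^[Bb]earer\s{1}.+$')` line still rejects `BEARER` and other mixed-case spellings, although HTTP authentication scheme names are case-insensitive (RFC 7235), so the fix is only partial. Matching with `re.match(r'^bearer\s.+$', auth_header, re.IGNORECASE)` covers every casing, and the raw string avoids the invalid `\s` escape in a plain literal. A header that fails the match falls through to `request.GET.get('access_token', '')`, so an unrecognised spelling is silently handled by the query-string path rather than rejected. That branch deserves a comment such as `# Fallback: token in the query string; URLs are recorded in access logs and Referer headers.` The body of `extract_access_token` starts and ends outside this hunk.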
@ -59,7 +59,7 @@ class UserInfoTestCase(TestCase):
|
||||||
|
|
||||||
return token
|
return token
|
||||||
|
|
||||||
def _post_request(self, access_token):
|
def _post_request(self, access_token, schema='Bearer'):
|
||||||
"""
|
"""
|
||||||
Makes a request to the userinfo endpoint by sending the
|
Makes a request to the userinfo endpoint by sending the
|
||||||
`post_data` parameters using the 'multipart/form-data'
|
`post_data` parameters using the 'multipart/form-data'
|
||||||
|
@ -69,7 +69,7 @@ class UserInfoTestCase(TestCase):
|
||||||
|
|
||||||
request = self.factory.post(url, data={}, content_type='multipart/form-data')
|
request = self.factory.post(url, data={}, content_type='multipart/form-data')
|
||||||
|
|
||||||
request.META['HTTP_AUTHORIZATION'] = 'Bearer ' + access_token
|
request.META['HTTP_AUTHORIZATION'] = schema + ' ' + access_token
|
||||||
|
|
||||||
response = userinfo(request)
|
response = userinfo(request)
|
||||||
|
|
||||||
|
@ -84,6 +84,18 @@ class UserInfoTestCase(TestCase):
|
||||||
self.assertEqual(response.status_code, 200)
|
self.assertEqual(response.status_code, 200)
|
||||||
self.assertEqual(bool(response.content), True)
|
self.assertEqual(bool(response.content), True)
|
||||||
|
|
||||||
|
def test_response_with_valid_token_lowercase_bearer(self):
|
||||||
|
"""
|
||||||
|
Some clients expect to be able to pass the token_type value from the token endpoint
|
||||||
|
("bearer") back to the identity provider unchanged.
|
||||||
|
"""
|
||||||
|
token = self._create_token()
|
||||||
|
|
||||||
|
response = self._post_request(token.access_token, schema='bearer')
|
||||||
|
|
||||||
|
self.assertEqual(response.status_code, 200)
|
||||||
|
self.assertEqual(bool(response.content), True)
|
||||||
|
|
||||||
def test_response_with_expired_token(self):
|
def test_response_with_expired_token(self):
|
||||||
token = self._create_token()
|
token = self._create_token()
|
||||||
|
|
||||||
|
|
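Review bot: The added `test_response_with_valid_token_lowercase_bearer` only exercises a spelling that must be accepted, so nothing pins what the loosened scheme match must still reject. A companion case built on `response = self._post_request(token.access_token, schema='Basic')`, asserting that the status is not 200, would catch a later pattern that becomes too permissive. The new keyword on `_post_request` would read better as `scheme`, the term HTTP uses for this part of the Authorization header, and the helper's docstring should mention it. `_post_request` and `test_response_with_expired_token` continue outside the visible hunks.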