1 new commit in galaxy-central: https://bitbucket.org/galaxy/galaxy-central/commits/3149e4f08365/ Changeset: 3149e4f08365 User: martenson Date: 2014-01-16 19:30:53 Summary: removed obvious bugs in api_key retrieval through API using basic authentication Affected #: 1 file diff -r a24014287a29cddcd4ef392a4bde59a833c3ecab -r 3149e4f0836584708c417c42e36250709026d18c lib/galaxy/webapps/galaxy/api/authenticate.py --- a/lib/galaxy/webapps/galaxy/api/authenticate.py +++ b/lib/galaxy/webapps/galaxy/api/authenticate.py @@ -10,7 +10,6 @@ from galaxy.exceptions import ObjectNotFound from paste.httpexceptions import HTTPBadRequest - import logging log = logging.getLogger( __name__ ) @@ -23,7 +22,7 @@ * GET /api/authenticate/baseauth returns an API key for authenticated user based on BaseAuth headers """ - email, password = _decode_baseauth( trans.environ.get( 'HTTP_AUTHORIZATION' ) ) + email, password = self._decode_baseauth( trans.environ.get( 'HTTP_AUTHORIZATION' ) ) user = trans.sa_session.query( trans.app.model.User ).filter( trans.app.model.User.table.c.email == email ).all() 
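Review bot: A request that carries no Authorization header reaches `encoded_str.strip()` with `None`, because `trans.environ.get( 'HTTP_AUTHORIZATION' )` is passed straight into `self._decode_baseauth(...)`. That raises AttributeError instead of the HTTPBadRequest the helper raises for every other malformed input, so an unauthenticated client most likely gets an unhandled server error. A guard at the top of the helper would cover it: `if not encoded_str: raise HTTPBadRequest`. The calling method continues outside this hunk, so any handling further down is not visible here.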
@@ -41,38 +40,38 @@ trans.response.status = 500 return "invalid password" - return dict('api_key', api_key_row.key) + return dict( api_key= api_key_row.key ) -def _decode_baseauth( encoded_str ): - """Decode an encrypted HTTP basic authentication string. Returns a tuple of - the form (email, password), and raises a DecodeError exception if - nothing could be decoded. - """ - split = encoded_str.strip().split(' ') + def _decode_baseauth( self, encoded_str ): + """Decode an encrypted HTTP basic authentication string. Returns a tuple of + the form (email, password), and raises a HTTPBadRequest exception if + nothing could be decoded. + """ + split = encoded_str.strip().split(' ') - # If split is only one element, try to decode the email and password - # directly. - if len(split) == 1: - try: - email, password = b64decode(split[0]).split(':') - except: - raise HTTPBadRequest + # If split is only one element, try to decode the email and password + # directly. + if len(split) == 1: + try: + email, password = b64decode(split[0]).split(':') + except: + raise HTTPBadRequest - # If there are only two elements, check the first and ensure it says - # 'basic' so that we know we're about to decode the right thing. If not, - # bail out. - elif len(split) == 2: - if split[0].strip().lower() == 'basic': - try: - email, password = b64decode(split[1]).split(':') - except: - raise DecodeError + # If there are only two elements, check the first and ensure it says + # 'basic' so that we know we're about to decode the right thing. If not, + # bail out. + elif len(split) == 2: + if split[0].strip().lower() == 'basic': + try: + email, password = b64decode(split[1]).split(':') + except: + raise HTTPBadRequest + else: + raise HTTPBadRequest + + # If there are more than 2 elements, something crazy must be happening. + # Bail. else: raise HTTPBadRequest - # If there are more than 2 elements, something crazy must be happening. - # Bail. 
- else: - raise HTTPBadRequest - - return unquote(email), unquote(password) + return unquote(email), unquote(password) Repository URL: https://bitbucket.org/galaxy/galaxy-central/ -- This is a commit notification from bitbucket.org. You are receiving this because you have the service enabled, addressing the recipient of this email.
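Review bot: In `_decode_baseauth`, `b64decode(split[1]).split(':')` (and the same call on `split[0]`) splits on every colon, so a password containing ':' yields more than two parts and the tuple unpack fails. The bare `except:` then reports HTTPBadRequest, and a user with such a password cannot authenticate through this endpoint. Split once and catch only the decode and unpack errors: `email, password = b64decode(split[1]).split(':', 1)` under `except (TypeError, ValueError):`. The `unquote()` on the result also rewrites any literal `%xx` sequence in a password, which looks unintended unless clients are documented to percent-encode the credentials. The docstring should say "base64-encoded" rather than "encrypted", since Basic credentials are protected only by the transport (TLS).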