Diffstat (limited to 'api.py')
-rwxr-xr-x | api.py | 19 |
1 files changed, 15 insertions, 4 deletions
@@ -94,11 +94,22 @@ class AccessChecker:
 def _get_token_text(self, headers):
 '''Extract access token from request headers or None if not there'''
 v = headers.get('Authorization', '')
+ if not v:
+ logging.error('No Authorization header')
+ return None
+
 words = v.split()
- if len(words) == 2:
- keyword, token_text = words
- if keyword.lower() == 'bearer':
- return token_text
+ if len(words) != 2:
+ logging.error('Authorization header does not contain two words')
+ return None
+
+ keyword, token_text = words
+ if keyword.lower() != 'bearer':
+ logging.error('Authorization header does not contain a Bearer token')
+ return None
+
+ logging.debug('Got an access token from Authorization header')
+ return token_text
 class API: |
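Review bot: The three rejection paths added to `_get_token_text` log at `error` level for conditions that any unauthenticated client can trigger on every request (missing header, wrong word count, non-Bearer scheme), so anonymous traffic can fill the error log and bury real server faults. A client-side failure fits a lower level, e.g. `logging.warning('No Authorization header')`, with rate limiting or aggregation left to the log pipeline. The messages correctly avoid echoing the header value; a comment such as `# Never log the header value: it may carry a credential` above the first check would keep later edits from adding it. The docstring could also say that every `None` return is logged with its reason.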