From ee1ef8caba7ad63a8538b47d221bac3c4ad9309a Mon Sep 17 00:00:00 2001 From: Santo Cariotti Date: Tue, 24 Mar 2020 16:53:53 +0100 Subject: fix: authorization header instead of authentication --- src/frest/auth/routes.py | 2 +- src/frest/decorators.py | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) (limited to 'src') diff --git a/src/frest/auth/routes.py b/src/frest/auth/routes.py index c4dcfc9..66bd8f5 100644 --- a/src/frest/auth/routes.py +++ b/src/frest/auth/routes.py @@ -17,7 +17,7 @@ def login(): data = request.json - auth = request.headers.get("Authentication") + auth = request.headers.get("Authorization") if auth: t = Token.query.filter_by(string=auth).first() if not t: diff --git a/src/frest/decorators.py b/src/frest/decorators.py index 181b62d..f00de2c 100644 --- a/src/frest/decorators.py +++ b/src/frest/decorators.py @@ -8,10 +8,10 @@ def check_token(f): def inner(*args, **kwargs): userid = request.url.split('/')[-1] headers = request.headers - if not headers.get("Authentication"): + if not headers.get("Authorization"): abort(403) - auth = request.headers.get("Authentication") + auth = request.headers.get("Authorization") token = Token.query.filter_by(string=auth).first() if not token: abort(403) @@ -30,7 +30,7 @@ def admin_required(f): def inner(*args, **kwargs): header = request.headers - auth = request.headers.get("Authentication") + auth = request.headers.get("Authorization") token = Token.query.filter_by(string=auth).first() if not token.user.is_admin: abort(403) -- cgit v1.2.3-18-g5258