##// END OF EJS Templates
token-access: allow token in headers not only in GET/URL
milka -
r4608:374a996c stable
parent child
Show More
@@ -469,7 +469,14 def get_auth_user(request):
469 ip_addr = get_ip_addr(environ)
469 ip_addr = get_ip_addr(environ)
470
470
471 # make sure that we update permissions each time we call controller
471 # make sure that we update permissions each time we call controller
472 _auth_token = (request.GET.get('auth_token', '') or request.GET.get('api_key', ''))
472 _auth_token = (
473 # ?auth_token=XXX
474 request.GET.get('auth_token', '')
475 # ?api_key=XXX !LEGACY
476 or request.GET.get('api_key', '')
477 # or headers....
478 or request.headers.get('X-Rc-Auth-Token', '')
479 )
473 if not _auth_token and request.matchdict:
480 if not _auth_token and request.matchdict:
474 url_auth_token = request.matchdict.get('_auth_token')
481 url_auth_token = request.matchdict.get('_auth_token')
475 _auth_token = url_auth_token
482 _auth_token = url_auth_token
@@ -119,3 +119,4 def includeme(config):
119
119
120 # This needs to be the LAST item
120 # This needs to be the LAST item
121 config.add_tween('rhodecode.lib.middleware.request_wrapper.RequestWrapperTween')
121 config.add_tween('rhodecode.lib.middleware.request_wrapper.RequestWrapperTween')
122 log.debug('configured all tweens')
General Comments 0
You need to be logged in to leave comments. Login now