rhodecode-enterprise-ce Commit - r4608:374a996c

token-access: allow token in headers not only in GET/URL

milka -

r4608:374a996c stable

parent child

rhodecode/lib/base.py

0 +8 -1

                 ip_addr = get_ip_addr(environ)
                 # make sure that we update permissions each time we call controller
-                _auth_token = (request.GET.get('auth_token', '') or request.GET.get('api_key', ''))
+                _auth_token = (
+                        # ?auth_token=XXX
+                        request.GET.get('auth_token', '')
+                        # ?api_key=XXX !LEGACY
+                        or request.GET.get('api_key', '')
+                        # or headers....
+                        or request.headers.get('X-Rc-Auth-Token', '')
+                )
                 if not _auth_token and request.matchdict:
                     url_auth_token = request.matchdict.get('_auth_token')
                     _auth_token = url_auth_token

rhodecode/tweens.py

0 +1 0

                 # This needs to be the LAST item
                 config.add_tween('rhodecode.lib.middleware.request_wrapper.RequestWrapperTween')
+                log.debug('configured all tweens')

General Comments 0

You need to be logged in to leave comments. Login now

No TODOs yet

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages