Merge pull request #731 from jrocketfingers/fix/token-missing-auth-headers

Check that the Authorization headers are actually provided.
This commit is contained in:
Raphael Deem 2017-05-17 13:10:12 -07:00 committed by GitHub
commit 0e4aaf8856
2 changed files with 9 additions and 1 deletions

View File

@ -86,7 +86,7 @@ class Request(dict):
:return: token related to request
"""
auth_header = self.headers.get('Authorization')
if 'Token ' in auth_header:
if auth_header is not None and 'Token ' in auth_header:
return auth_header.partition('Token ')[-1]
else:
return auth_header

View File

@ -182,6 +182,14 @@ def test_token():
assert request.token == token
# no Authorization headers
headers = {
'content-type': 'application/json'
}
request, response = app.test_client.get('/', headers=headers)
assert request.token is None
# ------------------------------------------------------------ #