From 5d309af86fbce6ca1daebf0abe98e83c676d7c82 Mon Sep 17 00:00:00 2001
From: Johnny
Date: Wed, 17 May 2017 11:08:50 +0200
Subject: [PATCH 1/2] Check that the headers are actually provided.
---
 sanic/request.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sanic/request.py b/sanic/request.py
index 69307222..8d3aca32 100644
--- a/sanic/request.py
+++ b/sanic/request.py
@@ -79,7 +79,7 @@ class Request(dict):
 :return: token related to request
 """
 auth_header = self.headers.get('Authorization')
- if 'Token ' in auth_header:
+ if auth_header is not None and 'Token ' in auth_header:
 return auth_header.partition('Token ')[-1]
 else:
 return auth_header
From 58bae83558479ccdda4cc22b7f2d237cf100b0bb Mon Sep 17 00:00:00 2001
From: Johnny
Date: Wed, 17 May 2017 11:15:45 +0200
Subject: [PATCH 2/2] Add a regression test.
---
 tests/test_requests.py | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/tests/test_requests.py b/tests/test_requests.py
index f77fd90f..06e2b7ae 100644
--- a/tests/test_requests.py
+++ b/tests/test_requests.py
@@ -182,6 +182,14 @@ def test_token():
 assert request.token == token
+ # no Authorization headers
+ headers = {
+ 'content-type': 'application/json'
+ }
+
+ request, response = app.test_client.get('/', headers=headers)
+
+ assert request.token is None
 # ------------------------------------------------------------ #
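Review bot: The guard in the `sanic/request.py` hunk still uses a substring test, `'Token ' in auth_header`, so the scheme is matched anywhere in the header rather than at its start, and `partition('Token ')[-1]` returns whatever follows the first occurrence. A value sent under another scheme that happens to contain `Token ` is therefore parsed as if it were a token, and the `else` branch hands back the whole raw header for any other scheme. I would anchor the match: `if auth_header is not None and auth_header.startswith('Token '):` followed by `return auth_header[len('Token '):]`. Whether the raw-header fallback is intentional cannot be told from these lines; if it is, the docstring should say that callers may receive a full `Authorization` value. The property's body starts above the hunk.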
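Review bot: The new case in `tests/test_requests.py` pins only the absent-header path; nothing in the hunk exercises an `Authorization` value that lacks the `Token ` prefix or carries it mid-string, which are the inputs where `request.token` is most likely to surprise a caller doing an auth check. I would add a request with `headers = {'Authorization': 'Basic abc'}` (constructed sample value) and assert the result the project intends for it, so the fallback is a tested decision rather than an accident. `test_token` begins above the hunk, so earlier cases may already cover part of this.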