From 9c646f72ea4c0c5e1862dd616bcba563b41b2233 Mon Sep 17 00:00:00 2001 From: nagem Date: Mon, 14 Mar 2016 17:15:27 -0500 Subject: [PATCH 1/5] Add request headers to 401 OAuth token error --- api/base.py | 7 +++++-- api/util.py | 18 ++++++++++++++++++ 2 files changed, 23 insertions(+), 2 deletions(-) diff --git a/api/base.py b/api/base.py index 236d20fe7..98918ba5d 100644 --- a/api/base.py +++ b/api/base.py @@ -7,6 +7,7 @@ import urllib import urlparse import webapp2 +import pprint from . import util from . import config @@ -67,8 +68,10 @@ def __init__(self, request=None, response=None): u = u._replace(query=urllib.urlencode(query, True)) provider_avatar = urlparse.urlunparse(u) else: - headers = {'WWW-Authenticate': 'Bearer realm="{}", error="invalid_token", error_description="Invalid OAuth2 token."'.format(site_id)} - self.abort(401, 'invalid oauth2 token', headers=headers) + err_msg = 'Invalid OAuth2 token.' + headers = {'WWW-Authenticate': 'Bearer realm="{}", error="invalid_token", error_description="{}"'.format(site_id, err_msg)} + log.warn('{} Request headers: {}'.format(err_msg, util.str_from_dict(self.request.headers))) + self.abort(401, err_msg, headers=headers) # 'Debug' (insecure) setting: allow request to act as requested user elif self.debug and self.get_param('user'): diff --git a/api/util.py b/api/util.py index f553ba1f9..a4e5ac6d5 100644 --- a/api/util.py +++ b/api/util.py @@ -98,6 +98,24 @@ def obj_from_map(_map): return type('',(object,),_map)() +def str_from_dict(_dict): + """ + Attempts to create a string in the format 'key: value, key: value, ... ' from a python dict. + Best for when some values might not be json serializable, making json.dumps unusable. + """ + + key_values = [] + for k,v in _dict.items(): + key_value = k + ': ' + try: + key_value += str(v) + except: + key_value += '' + key_values.append(key_value) + + return ", ".join(key_values) + + def path_from_hash(hash_): """ create a filepath from a hash 
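Review bot: The new `log.warn` call in the `else:` branch of `api/base.py` writes every request header to the log, which includes the `Authorization` value (the bearer token that just failed validation) and any `Cookie` header. A token rejected here may still be valid elsewhere or be an expired copy of a live credential, so anyone with access to the logs or the log pipeline ends up holding secrets. Build a redacted view before logging, e.g. `safe = [(k, '<redacted>' if k.lower() in ('authorization', 'cookie') else v) for k, v in self.request.headers.items()]`, and log `safe` instead. The same call survives in [PATCH 5/5] as `str(self.request.headers.items())`, after [PATCH 4/5] removes the blanking added in [PATCH 3/5]. `__init__` starts and continues outside the hunk.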
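Review bot: `str_from_dict` joins keys and values with no quoting or escaping, and its caller in this patch passes client-supplied request headers, so a header value containing `, ` or `Name: ` text reads in the log as additional entries. Formatting each value with `repr(v)` keeps one entry per header and makes control characters visible. The bare `except:` also hides which value failed and catches `KeyboardInterrupt`/`SystemExit`; `except Exception:` with a marker such as `'<unprintable>'` instead of `''` would keep the failure visible. `k + ': '` sits outside the `try`, so a non-string key would raise `TypeError`.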
From 84c32b3df9b0da71102badd49f2631ebef6f7d8d Mon Sep 17 00:00:00 2001 From: nagem Date: Mon, 14 Mar 2016 17:31:53 -0500 Subject: [PATCH 2/5] Remove unused pprint import --- api/base.py | 1 - 1 file changed, 1 deletion(-) diff --git a/api/base.py b/api/base.py index 98918ba5d..97abc248e 100644 --- a/api/base.py +++ b/api/base.py @@ -7,7 +7,6 @@ import urllib import urlparse import webapp2 -import pprint from . import util from . import config From 943b8a001a483e97eca72b68059c5477b3773bd3 Mon Sep 17 00:00:00 2001 From: nagem Date: Wed, 16 Mar 2016 09:59:37 -0500 Subject: [PATCH 3/5] Remove auth token from log message --- api/base.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/api/base.py b/api/base.py index 97abc248e..6ef241c00 100644 --- a/api/base.py +++ b/api/base.py @@ -69,6 +69,8 @@ def __init__(self, request=None, response=None): else: err_msg = 'Invalid OAuth2 token.' headers = {'WWW-Authenticate': 'Bearer realm="{}", error="invalid_token", error_description="{}"'.format(site_id, err_msg)} + if 'Authorization' in self.request.headers: + self.request.headers['Authorization'] = '' log.warn('{} Request headers: {}'.format(err_msg, util.str_from_dict(self.request.headers))) self.abort(401, err_msg, headers=headers) From 2be19b8d7a575d25eec7dc836b7ab3eef07c05fb Mon Sep 17 00:00:00 2001 From: nagem Date: Wed, 16 Mar 2016 10:06:08 -0500 Subject: [PATCH 4/5] Keep auth token in log message --- api/base.py | 2 -- 1 file changed, 2 deletions(-) diff --git a/api/base.py b/api/base.py index 6ef241c00..97abc248e 100644 --- a/api/base.py +++ b/api/base.py 
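Review bot: The added `self.request.headers['Authorization'] = ''` in [PATCH 3/5] redacts by overwriting the live request object, so anything that inspects the request after `self.abort(401, ...)` raises (error handlers, access logging) sees an empty header rather than what the client sent. It also covers only `Authorization`; `Cookie` and any custom credential headers would still reach the log line. Redacting a copy keeps the request intact, for example `hdrs = dict(self.request.headers.items())` followed by replacing the sensitive keys in `hdrs` and logging that. Whether later code reads these headers is not visible from the hunk.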
@@ -69,8 +69,6 @@ def __init__(self, request=None, response=None): else: err_msg = 'Invalid OAuth2 token.' headers = {'WWW-Authenticate': 'Bearer realm="{}", error="invalid_token", error_description="{}"'.format(site_id, err_msg)} - if 'Authorization' in self.request.headers: - self.request.headers['Authorization'] = '' log.warn('{} Request headers: {}'.format(err_msg, util.str_from_dict(self.request.headers))) self.abort(401, err_msg, headers=headers) From 4274d63b6d058c77582cbecd7ced216063129bbf Mon Sep 17 00:00:00 2001 From: nagem Date: Wed, 16 Mar 2016 17:03:05 -0500 Subject: [PATCH 5/5] Improved method of printing dict --- api/base.py | 2 +- api/util.py | 18 ------------------ 2 files changed, 1 insertion(+), 19 deletions(-) diff --git a/api/base.py b/api/base.py index 97abc248e..5ca25d645 100644 --- a/api/base.py +++ b/api/base.py @@ -69,7 +69,7 @@ def __init__(self, request=None, response=None): else: err_msg = 'Invalid OAuth2 token.' headers = {'WWW-Authenticate': 'Bearer realm="{}", error="invalid_token", error_description="{}"'.format(site_id, err_msg)} - log.warn('{} Request headers: {}'.format(err_msg, util.str_from_dict(self.request.headers))) + log.warn('{} Request headers: {}'.format(err_msg, str(self.request.headers.items()))) self.abort(401, err_msg, headers=headers) # 'Debug' (insecure) setting: allow request to act as requested user diff --git a/api/util.py b/api/util.py index a4e5ac6d5..f553ba1f9 100644 --- a/api/util.py +++ b/api/util.py 
@@ -98,24 +98,6 @@ def obj_from_map(_map): return type('',(object,),_map)() -def str_from_dict(_dict): - """ - Attempts to create a string in the format 'key: value, key: value, ... ' from a python dict. - Best for when some values might not be json serializable, making json.dumps unusable. - """ - - key_values = [] - for k,v in _dict.items(): - key_value = k + ': ' - try: - key_value += str(v) - except: - key_value += '' - key_values.append(key_value) - - return ", ".join(key_values) - - def path_from_hash(hash_): """ create a filepath from a hash