()
| 297 | |
| 298 | @hook('before_request') |
| 299 | def check_authentication(): |
| 300 | if not any((DataStore.username, DataStore.password)): |
| 301 | return |
| 302 | |
| 303 | authorization = request.headers.get("Authorization", "") |
| 304 | match = re.search(r"(?i)\ABasic\s+([^\s]+)", authorization) |
| 305 | |
| 306 | if not match: |
| 307 | request.environ["PATH_INFO"] = "/error/401" |
| 308 | |
| 309 | try: |
| 310 | creds = decodeBase64(match.group(1), binary=False) |
| 311 | except: |
| 312 | request.environ["PATH_INFO"] = "/error/401" |
| 313 | else: |
| 314 | if creds.count(':') != 1: |
| 315 | request.environ["PATH_INFO"] = "/error/401" |
| 316 | else: |
| 317 | username, password = creds.split(':') |
| 318 | if username.strip() != (DataStore.username or "") or password.strip() != (DataStore.password or ""): |
| 319 | request.environ["PATH_INFO"] = "/error/401" |
| 320 | |
| 321 | @hook("after_request") |
| 322 | def security_headers(json_header=True): |
nothing calls this directly
no test coverage detected
searching dependent graphs…