Skip to content

Commit

Permalink
Let callback decide what to do when authentication type does not match
Browse files Browse the repository at this point in the history
  • Loading branch information
miguelgrinberg committed Mar 12, 2016
1 parent f83a5c2 commit b942f98
Showing 1 changed file with 5 additions and 1 deletion.
6 changes: 5 additions & 1 deletion flask_httpauth.py
Original file line number Diff line number Diff line change
Expand Up @@ -68,8 +68,12 @@ def decorated(*args, **kwargs):
# The Authorization header is either empty or has no token
pass

# if the auth type does not match, we act as if there is no auth
# this is better than failing directly, as it allows the callback
# to handle special cases, like supporting multiple auth types
if auth is not None and auth.type.lower() != self.scheme.lower():
return self.auth_error_callback()
auth = None

# Flask normally handles OPTIONS requests on its own, but in the
# case it is configured to forward those to the application, we
# need to ignore authentication headers and let the request through
Expand Down

0 comments on commit b942f98

Please sign in to comment.