Skip to content

Commit

Permalink
Support for breaking changes in Flask/Werkzeug 2.3 (Fixes #160)
Browse files Browse the repository at this point in the history
  • Loading branch information
miguelgrinberg committed Apr 27, 2023
1 parent 15498a3 commit 7654839
Show file tree
Hide file tree
Showing 5 changed files with 19 additions and 16 deletions.
5 changes: 4 additions & 1 deletion .github/workflows/tests.yml
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,8 @@ jobs:
strategy:
matrix:
os: [ubuntu-latest, macos-latest, windows-latest]
python: ['3.7', '3.8', '3.9', '3.10', '3.11', 'pypy-3.8']
python: ['3.8', '3.9', '3.10', '3.11', 'pypy-3.8']
flask: ['flask<2.3', 'flask>=2.3']
fail-fast: false
runs-on: ${{ matrix.os }}
steps:
Expand All @@ -33,6 +34,8 @@ jobs:
- run: python -m pip install --upgrade pip wheel
- run: pip install tox tox-gh-actions
- run: tox
env:
FLASK_VERSION: ${{ matrix.flask }}
coverage:
name: coverage
runs-on: ubuntu-latest
Expand Down
21 changes: 10 additions & 11 deletions src/flask_httpauth.py
Original file line number Diff line number Diff line change
Expand Up @@ -76,22 +76,24 @@ def get_auth(self):
auth = None
if self.header is None or self.header == 'Authorization':
auth = request.authorization
if auth is None and 'Authorization' in request.headers:
# Flask/Werkzeug do not recognize any authentication types
# other than Basic or Digest, so here we parse the header by
# hand
if auth is None and \
'Authorization' in request.headers: # pragma: no cover
# Flask/Werkzeug versions before 2.3 do not recognize any
# authentication types other than Basic or Digest, so here we
# parse the header by hand
try:
auth_type, token = request.headers['Authorization'].split(
None, 1)
auth = Authorization(auth_type, {'token': token})
auth = Authorization(auth_type)
auth.token = token
except (ValueError, KeyError):
# The Authorization header is either empty or has no token
pass
elif self.header in request.headers:
# using a custom header, so the entire value of the header is
# assumed to be a token
auth = Authorization(self.scheme,
{'token': request.headers[self.header]})
auth = Authorization(self.scheme)
auth.token = request.headers[self.header]

# if the auth type does not match, we act as if there is no auth
# this is better than failing directly, as it allows the callback
Expand Down Expand Up @@ -391,10 +393,7 @@ def verify_token(self, f):
return f

def authenticate(self, auth, stored_password):
if auth:
token = auth['token']
else:
token = ""
token = getattr(auth, 'token', '')
if self.verify_token_callback:
return self.ensure_sync(self.verify_token_callback)(token)

Expand Down
4 changes: 2 additions & 2 deletions tests/test_multi.py
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,7 @@ def verify_token(token):

@token_auth.get_user_roles
def get_token_role(auth):
if auth['token'] == 'this-is-the-token!':
if auth.token == 'this-is-the-token!':
return 'foo'
return

Expand All @@ -44,7 +44,7 @@ def verify_custom_token(token):

@custom_token_auth.get_user_roles
def get_custom_token_role(auth):
if auth['token'] == 'this-is-the-custom-token!':
if auth.token == 'this-is-the-custom-token!':
return 'foo'
return

Expand Down
4 changes: 2 additions & 2 deletions tests/test_multi_async.py
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,7 @@ async def verify_token(token):

@token_auth.get_user_roles
async def get_token_role(auth):
if auth['token'] == 'this-is-the-token!':
if auth.token == 'this-is-the-token!':
return 'foo'
return

Expand All @@ -47,7 +47,7 @@ async def verify_custom_token(token):

@custom_token_auth.get_user_roles
async def get_custom_token_role(auth):
if auth['token'] == 'this-is-the-custom-token!':
if auth.token == 'this-is-the-custom-token!':
return 'foo'
return

Expand Down
1 change: 1 addition & 0 deletions tox.ini
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@ python =
[testenv]
commands=
pip install -e .
pip install {env:FLASK_VERSION:flask>=2.3}
pytest -p no:logging --cov=src --cov-branch --cov-report=term-missing --cov-report=xml
deps=
asgiref
Expand Down

0 comments on commit 7654839

Please sign in to comment.