Improve exception handling for invalid UTF-8 encoded X-API-KEY header (#1479)

This commit is contained in:
Matt Scott 2023-03-22 04:34:55 -04:00 committed by GitHub
commit 004d1d40c9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -460,10 +460,8 @@ def apikey_auth(f):
if auth_header:
try:
apikey_val = str(base64.b64decode(auth_header), 'utf-8')
except binascii.Error as e:
current_app.logger.error(
'Invalid base64-encoded of credential. Error {0}'.format(
e))
except (binascii.Error, UnicodeDecodeError) as e:
current_app.logger.error('Invalid base64-encoded X-API-KEY. Error {0}'.format(e))
abort(401)
except TypeError as e:
current_app.logger.error('Error: {0}'.format(e))