Closed edmorley closed 6 years ago
Yeah, it looks like checking for the auth header is out of sync.
It checks with a space here: https://github.com/kumar303/hawkrest/blob/ebb9690f8930a936fb2cc6c5ba19b70061c9bc94/hawkrest/__init__.py#L74
And it checks without a space here: https://github.com/kumar303/hawkrest/blob/ebb9690f8930a936fb2cc6c5ba19b70061c9bc94/hawkrest/middleware.py#L11
They should both use a shared helper function to know if the request was Hawk authenticated or not.
This evening Treeherder experienced thousands of HTTP 500s of form:
(Using hawkrest 1.0.0, mohawk 0.3.4, djangorestframework 3.6.4, Django 1.11.6, Python 2.7.14)
This exception only occurs if the authentication backend didn't process the request, but `middleware.py`'s `process_response()` did.
From code inspection, one way this might occur is if the `HTTP_AUTHORIZATION` header contained the string `Hawk` with no space before subsequent characters, since the conditionals for both pieces aren't consistent in their use of whitespace:
https://github.com/kumar303/hawkrest/blob/1.0.0/hawkrest/__init__.py#L74
https://github.com/kumar303/hawkrest/blob/1.0.0/hawkrest/middleware.py#L11
Whilst looking at the middleware it also seems like it could be simplified somewhat, with either an early return, or at least a consolidation of conditionals - worth doing given middleware is on the hot path.
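The mismatch described in this thread, as an added example that is not part of the issue or of hawkrest's code: a simplified model of the two prefix checks, the failure when only the middleware matches, and a shared helper used by both sides. All function names, the `receiver` state key and the sample headers are constructed for illustration.

```python
# Added example: a simplified model of the two checks, not hawkrest's code.
# All function names and the sample headers below are constructed.

def backend_handles(meta):
    # Check as described for hawkrest/__init__.py: "Hawk" followed by a space.
    return meta.get("HTTP_AUTHORIZATION", "").startswith("Hawk ")


def middleware_handles(meta):
    # Check as described for hawkrest/middleware.py: no space required.
    return meta.get("HTTP_AUTHORIZATION", "").startswith("Hawk")


def is_hawk_request(meta):
    # Shared helper: the scheme token must be exactly "Hawk", then a space.
    scheme, sep, _ = meta.get("HTTP_AUTHORIZATION", "").partition(" ")
    return scheme == "Hawk" and sep == " "


def handle(meta, backend_check, middleware_check):
    """Model one request: the backend stores state, the middleware reads it."""
    state = {}
    if backend_check(meta):
        state["receiver"] = object()  # stands in for the backend's per-request state
    if middleware_check(meta):
        if "receiver" not in state:
            return "error"  # middleware ran for a request the backend skipped
        return "processed"
    return "passthrough"


SAMPLE_HEADERS = [  # constructed inputs
    'Hawk id="abc", ts="1", nonce="n", mac="m"',
    'Hawkid="abc"',
    "Hawk",
    "Basic dXNlcjpwdw==",
    "",
]


def outcomes(backend_check, middleware_check):
    return [handle({"HTTP_AUTHORIZATION": h}, backend_check, middleware_check)
            for h in SAMPLE_HEADERS]


if __name__ == "__main__":
    print("mismatched:", outcomes(backend_handles, middleware_handles))
    print("shared:    ", outcomes(is_hawk_request, is_hawk_request))
```

With the mismatched checks, the second and third sample headers reach the middleware path without backend state; with the shared helper both sides skip them.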