I need to disable authorization in a resource class, so I added this to it:
```python
auth = {
    'auth_disabled': True,
}
```
But when I try to call a method of this resource, I get a Missing Authorization Header error.
I have similar cases in my code and they work OK. I noticed that the working cases have static (parameterless) routes, unlike the failing one. I did some investigation in falcon_auth/middleware.py:
```python
...
def _get_auth_settings(self, req, resource):
    ...
    if auth_settings.get('auth_disabled'):
        auth_settings['exempt_routes'].append(req.path)
    ...
```
and
```python
...
def process_resource(self, req, resp, resource, *args, **kwargs):
    auth_setting = self._get_auth_settings(req, resource)
    if (req.uri_template in auth_setting['exempt_routes'] or
            req.method in auth_setting['exempt_methods']):
        return
    ...
```
In the case of a URI with parameters, the actual path differs from uri_template; that's why it doesn't exempt the method from auth.
I checked the file history and, as I understand it, req.path was replaced with req.uri_template in process_resource recently, but req.path in _get_auth_settings was not updated. Please fix it.
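The mismatch reported above can be reproduced without Falcon. The following is an added example, not falcon-auth's own code: `make_req`, `OpenResource`, `Protected`, `get_auth_settings`, `is_exempt`, the default settings and the sample routes are all constructed here, and only the two comparisons mirror the excerpts in the report.

```python
from types import SimpleNamespace

# Stand-in for a Falcon request (constructed): only the attributes the
# excerpts read are modelled.
def make_req(path, uri_template, method="GET"):
    return SimpleNamespace(path=path, uri_template=uri_template, method=method)

class OpenResource:
    auth = {"auth_disabled": True}   # same setting as in the report

class Protected:
    pass                             # no auth override, must stay protected

def get_auth_settings(req, resource, key):
    """Mirror of the _get_auth_settings excerpt. `key` selects which request
    attribute is stored as the exempt route: 'path' (as in the excerpt) or
    'uri_template' (consistent with the check in process_resource)."""
    # Default settings are constructed for this example.
    settings = {"exempt_routes": [], "exempt_methods": ["OPTIONS"]}
    settings.update(getattr(resource, "auth", {}))
    if settings.get("auth_disabled"):
        settings["exempt_routes"].append(getattr(req, key))
    return settings

def is_exempt(req, resource, key):
    """Mirror of the check in the process_resource excerpt.
    True means the authentication step is skipped for this request."""
    settings = get_auth_settings(req, resource, key)
    return (req.uri_template in settings["exempt_routes"]
            or req.method in settings["exempt_methods"])

# Constructed sample requests: one static route, one with a URI parameter.
STATIC = make_req("/health", "/health")
PARAM = make_req("/users/42", "/users/{user_id}")

if __name__ == "__main__":
    for label, req in (("static", STATIC), ("parameterized", PARAM)):
        print(f"{label:14} store req.path -> "
              f"{is_exempt(req, OpenResource, 'path')!s:5} | "
              f"store req.uri_template -> "
              f"{is_exempt(req, OpenResource, 'uri_template')}")
```

With `req.path` stored, the static route is exempt but the parameterized one is not, because `/users/42` never equals `/users/{user_id}`; storing `req.uri_template` makes both sides of the comparison use the same key.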