Merge pull request #179 from ncbo/bugfix/bogus_auth_header

Bugfix/API failure with bogus auth header
ncbo · Jan 11, 2024 · 5e2c5fc · 5e2c5fc
2 parents 9c572ad + ee31d14
commit 5e2c5fc
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 13 deletions.
diff --git a/lib/ontologies_linked_data/security/authorization.rb b/lib/ontologies_linked_data/security/authorization.rb
@@ -78,6 +78,8 @@ def find_apikey(env, params)
           apikey = params["apikey"]
         elsif apikey.nil? && header_auth
           token = Rack::Utils.parse_query(header_auth.split(" ")[1])
+          return unless token["token"]
+
           # Strip spaces from start and end of string
           apikey = token["token"].gsub(/\"/, "")
           # If the user apikey is passed, use that instead

diff --git a/test/rack/test_request_authorization.rb b/test/rack/test_request_authorization.rb
@@ -60,31 +60,32 @@ def _delete_user
 
   def test_authorize
     get "/ontologies"
-    assert last_response.status == 401
+    assert_equal 401, last_response.status
+    get "/ontologies", {}, {"Authorization" => "bogus auth header"}
+    assert_equal 401, last_response.status
     get "/ontologies", {}, {"Authorization" => 'apikey token="'+@apikey+''+'"'}
-    assert last_response.status == 200
+    assert_equal 200, last_response.status
     apikey = MultiJson.load(last_response.body)
     assert @apikey.eql?(apikey)
     get "/ontologies", {}, {"Authorization" => "apikey token=#{@apikey}"}
-    assert last_response.status == 200
+    assert_equal 200, last_response.status
     apikey = MultiJson.load(last_response.body)
-    assert @apikey.eql?(apikey)
+    assert_equal @apikey, apikey
     get "/ontologies?apikey=#{@apikey}"
-    assert last_response.status == 200
+    assert_equal 200, last_response.status
     apikey = MultiJson.load(last_response.body)
-    assert @apikey.eql?(apikey)
+    assert_equal @apikey, apikey
     get "/ontologies", {}, {"Authorization" => 'apikey token="'+@apikey+'&userapikey='+@userapikey+'"'}
-    assert last_response.status == 200
+    assert_equal 200, last_response.status
     apikey = MultiJson.load(last_response.body)
-    assert @userapikey.eql?(apikey)
+    assert_equal @userapikey, apikey
     get "/ontologies", {}, {"Authorization" => "apikey token=#{@apikey}&userapikey=#{@userapikey}"}
-    assert last_response.status == 200
+    assert_equal 200, last_response.status
     apikey = MultiJson.load(last_response.body)
-    assert @userapikey.eql?(apikey)
+    assert_equal @userapikey, apikey
     get "/ontologies?apikey=#{@apikey}&userapikey=#{@userapikey}"
-    assert last_response.status == 200
+    assert_equal 200, last_response.status
     apikey = MultiJson.load(last_response.body)
-    assert @userapikey.eql?(apikey)
+    assert_equal @userapikey, apikey
   end
-
 end