AlanCoding
diff --git a/‎ansible_base/authentication/authenticator_plugins/google_oauth2.py‎
Lines changed: 1 addition & 1 deletion b/‎ansible_base/authentication/authenticator_plugins/google_oauth2.py‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎ansible_base/jwt_consumer/common/util.py‎
Lines changed: 7 additions & 1 deletion b/‎ansible_base/jwt_consumer/common/util.py‎
Lines changed: 7 additions & 1 deletion
diff --git a/‎ansible_base/lib/cache/fallback_cache.py‎
Lines changed: 10 additions & 2 deletions b/‎ansible_base/lib/cache/fallback_cache.py‎
Lines changed: 10 additions & 2 deletions
@@ -7,7 +7,7 @@
 from ansible_base.authentication.social_auth import SocialAuthMixin, SocialAuthValidateCallbackMixin
 from ansible_base.lib.serializers.fields import BooleanField, CharField, ChoiceField, ListField, URLField
 
-logger = logging.getLogger('ansible_base.authentication.authenticator_plugins.oidc')
+logger = logging.getLogger('ansible_base.authentication.authenticator_plugins.google_oauth2')
 
 
 class GoogleOAuth2Configuration(BaseAuthenticatorConfiguration):
 
@@ -42,9 +42,15 @@ def validate_x_trusted_proxy_header(header_value: str, ignore_cache=False) -> bo
         logger.warning("Failed to validate x-trusted-proxy-header, malformed, expected value to contain a -")
         return False
 
+    try:
+        signature_bytes = bytes.fromhex(signature)
+    except ValueError:
+        logger.warning("Failed to validate x-trusted-proxy-header, malformed, expected signature to well-formed base64")
+        return False
+
     try:
         public_key.verify(
-            bytes.fromhex(signature),
+            signature_bytes,
             bytes(f'{_SHARED_SECRET}-{timestamp}', 'utf-8'),
             padding.PSS(mgf=padding.MGF1(hashes.SHA256()), salt_length=padding.PSS.MAX_LENGTH),
             hashes.SHA256(),
 
@@ -9,13 +9,21 @@
 from django.core import cache as django_cache
 from django.core.cache.backends.base import BaseCache
 
+from ansible_base.lib.utils.settings import get_setting
+
 logger = logging.getLogger('ansible_base.cache.fallback_cache')
 
 DEFAULT_TIMEOUT = None
 PRIMARY_CACHE = 'primary'
 FALLBACK_CACHE = 'fallback'
 
-_temp_file = Path().joinpath(tempfile.gettempdir(), 'gw_primary_cache_failed')
+_temp_path = get_setting('ANSIBLE_BASE_FALLBACK_CACHE_FILE_PATH', tempfile.gettempdir())
+_temp_file = Path().joinpath(_temp_path, 'gw_primary_cache_failed')
+
+
+def create_temp_file():
+    _temp_file.touch()
+    _temp_file.chmod(mode=0o660)
 
 
 class DABCacheWithFallback(BaseCache):
@@ -77,7 +85,7 @@ def _op_with_fallback(self, operation, *args, **kwargs):
                     time.sleep(random.uniform(10, 100) / 100.0)
                     if not _temp_file.exists():
                         logger.error("Primary cache unavailable, switching to fallback cache.")
-                    _temp_file.touch()
+                    create_temp_file()
                 response = getattr(self._fallback_cache, operation)(*args, **kwargs)
 
         return response