API token: support any casing for 'Bearer' (#343)

pini-gh · vsoch · web-flow · commit 0a51aacefe7a · 2021-02-18T16:26:26.000-07:00
* API token: support any casing for 'Bearer' Fixes #342 * running black formatting, version bump Signed-off-by: vsoch <vsoch@users.noreply.github.com> Co-authored-by: vsoch <vsoch@users.noreply.github.com>
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -12,6 +12,7 @@ represented by the pull requests that fixed them. Critical items to know are:
 
 
 ## [master](https://github.com/singularityhub/sregistry/tree/master) (master)
+ - allowing for Bearer token to have any casing (1.1.31)
  - adding minio environment file to https docker-compose (1.1.3)
  - enforcing usernames to be all lowercase (1.1.29)
  - Added ability to specify Minio direct download from interface (1.1.28)
diff --git a/VERSION b/VERSION
@@ -1 +1 @@
-1.1.3
+1.1.31
diff --git a/shub/apps/library/views/helpers.py b/shub/apps/library/views/helpers.py
@@ -31,8 +31,9 @@ def validate_token(request):
     token = request.META.get("HTTP_AUTHORIZATION")
     if token:
         try:
-            token = token.split(" ")[-1]  # Get rid of BEARER or Bearer <token>
-            Token.objects.get(key=token.strip())
+            Token.objects.get(
+                key=re.sub("bearer", "", token, flags=re.IGNORECASE).strip()
+            )
             return True
         except Token.DoesNotExist:
             pass
@@ -48,7 +49,9 @@ def get_token(request):
 
     if token:
         try:
-            return Token.objects.get(key=token.replace("BEARER", "").strip())
+            return Token.objects.get(
+                key=re.sub("bearer", "", token, flags=re.IGNORECASE).strip()
+            )
         except Token.DoesNotExist:
             pass
 
