Call is_bypassable_request before checking for a directly passed token
Mark90 committed May 24, 2024
1 parent 9a8da31 commit dd135f8
Showing 2 changed files with 2 additions and 3 deletions.
4 changes: 2 additions & 2 deletions oauth2_lib/fastapi.py
Expand Up @@ -209,13 +209,13 @@ async def authenticate(self, request: HTTPConnection, token: Optional[str] = Non
token_or_extracted_id_token = token
else:
request = cast(Request, request)
if await self.is_bypassable_request(request):
return None
if token is None:
extracted_id_token = await self.id_token_extractor.extract(request)
if not extracted_id_token:
return None
token_or_extracted_id_token = extracted_id_token
elif await self.is_bypassable_request(request):
return None
else:
token_or_extracted_id_token = token

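Review bot: With the `is_bypassable_request` check moved to the top of the `else` branch, `authenticate` returns `None` for a bypassable request before any credential is read, so a token passed directly or carried on the request is never validated on those routes. That makes `is_bypassable_request` the only gate on this path; its implementation is outside the hunk, so it is worth confirming that it matches an exact allowlist of routes rather than a loose pattern. `None` is also what the function returns when no ID token can be extracted, so callers cannot tell "bypassed" from "no credentials"; a comment above the check such as `# Bypass is decided before any token is read; callers must treat None as "no authenticated user"` would record that contract. The body of `authenticate` starts and ends outside the hunk, so how the first branch and the callers handle `None` cannot be checked from here. The visible test change only drops the monkeypatch; a test that a non-bypassable request without a token is still rejected would pin the new ordering.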
1 change: 0 additions & 1 deletion tests/test_fastapi.py
Expand Up @@ -192,7 +192,6 @@ class OIDCAuthMock(OIDCAuth):
async def is_bypassable_request(request: Request) -> bool:
return True

OIDCAuth.is_bypassable_request = staticmethod(lambda req: True)
oidc_auth = OIDCAuthMock(
"openid_url", "openid_url/.well-known/openid-configuration", "id", "secret", OIDCUserModel
)
