Fixed to store the auth state in request instead of the g global object in the flask_login load_user_from_request and unauthorized handlers in the init_app method of the DigestAuth class. This is so that the auth state is always reset in the lifecycle of request even if g stays. Revised the unauthorized to create a new auth state if it is not available in the current request, in the case that the load_user_from_request handler was not run previously.
This commit is contained in:
parent
a07118ef9c
commit
aeb93a60e5
@ -356,10 +356,13 @@ class DigestAuth:
|
||||
|
||||
:return: None.
|
||||
"""
|
||||
state: AuthState = request.digest_auth_state \
|
||||
if hasattr(request, "digest_auth_state") \
|
||||
else AuthState()
|
||||
response: Response = Response()
|
||||
response.status = 401
|
||||
response.headers["WWW-Authenticate"] \
|
||||
= self.__make_response_header(g.digest_auth_state)
|
||||
= self.__make_response_header(state)
|
||||
abort(response)
|
||||
|
||||
@login_manager.request_loader
|
||||
@ -370,7 +373,7 @@ class DigestAuth:
|
||||
:return: The authenticated user, or None if the
|
||||
authentication fails
|
||||
"""
|
||||
g.digest_auth_state = AuthState()
|
||||
request.digest_auth_state = AuthState()
|
||||
authorization: Authorization = req.authorization
|
||||
try:
|
||||
if authorization is None:
|
||||
@ -378,7 +381,7 @@ class DigestAuth:
|
||||
if authorization.type != "digest":
|
||||
raise UnauthorizedException(
|
||||
"Not an HTTP digest authorization")
|
||||
self.__authenticate(g.digest_auth_state)
|
||||
self.__authenticate(request.digest_auth_state)
|
||||
user = login_manager.user_callback(
|
||||
authorization.username)
|
||||
login_user(user)
|
||||
|
||||
Loading…
Reference in New Issue
Block a user