Merge pull request 'master' (#466) from master into Docker

Reviewed-on: #466
2025-01-21 13:44:14 +01:00 · 2025-01-21 13:44:14 +01:00 · 303583daa1
commit 303583daa1
parent d07b2ffbfb 616965c890
3 changed files with 13 additions and 8 deletions
--- a/api/models/token.py
+++ b/api/models/token.py
@ -51,7 +51,7 @@ class APIUserToken(models.Model):
            if token_obj.valid_until is not None and token_obj.valid_until < _today:
                raise PermissionError("Token validity expired")
        except ObjectDoesNotExist:
-            raise PermissionError("Credentials invalid")
+            raise PermissionError("Token unknown")
        return token_obj.user


--- a/api/views/views.py
+++ b/api/views/views.py
@ -50,14 +50,19 @@ class AbstractAPIView(View):
    def dispatch(self, request, *args, **kwargs):
        try:
            # Fetch the proper user from the given request header token
-            ksp_token = request.headers.get(KSP_TOKEN_HEADER_IDENTIFIER, None)
+            token = request.headers.get(KSP_TOKEN_HEADER_IDENTIFIER, None)
            ksp_user = request.headers.get(KSP_USER_HEADER_IDENTIFIER, None)
-            token_user = APIUserToken.get_user_from_token(ksp_token)

-            if ksp_user != token_user.username:
+            if not token and not ksp_user:
+                bearer_token = request.headers.get("authorization", None)
+                if not bearer_token:
+                    raise PermissionError("No token provided")
+                token = bearer_token.split(" ")[1]
+
+            token_user = APIUserToken.get_user_from_token(token)
+            if ksp_user and ksp_user != token_user.username:
                raise PermissionError(f"Invalid token for {ksp_user}")
-            else:
-                self.user = token_user
+            self.user = token_user

            request.user = self.user
            if not self.user.is_default_user():
--- a/codelist/management/commands/update_codelist.py
+++ b/codelist/management/commands/update_codelist.py
@ -82,8 +82,8 @@ class Command(BaseKonovaCommand):
                atom_id = element.find("atomid").text
                selectable = element.find("selectable").text.lower()
                selectable = bool_map.get(selectable, False)
-                short_name = element.find("shortname").text
-                long_name = element.find("longname").text
+                short_name = element.find("shortname").text or ""
+                long_name = element.find("longname").text or ""
                is_archived = bool_map.get((element.find("archive").text.lower()), False)

                code = KonovaCode.objects.get_or_create(