# KSP Token optimization

* adds support for standardized bearer token usage instead of ksptoken/kspuser header usage (still supported)
2025-01-21 13:38:37 +01:00 · 2025-01-21 13:38:37 +01:00 · e39c7eb51f
commit e39c7eb51f
parent 19bd408fbd
2 changed files with 11 additions and 6 deletions
--- a/api/models/token.py
+++ b/api/models/token.py
@ -51,7 +51,7 @@ class APIUserToken(models.Model):
            if token_obj.valid_until is not None and token_obj.valid_until < _today:
                raise PermissionError("Token validity expired")
        except ObjectDoesNotExist:
-            raise PermissionError("Credentials invalid")
+            raise PermissionError("Token unknown")
        return token_obj.user


--- a/api/views/views.py
+++ b/api/views/views.py
@ -50,14 +50,19 @@ class AbstractAPIView(View):
    def dispatch(self, request, *args, **kwargs):
        try:
            # Fetch the proper user from the given request header token
-            ksp_token = request.headers.get(KSP_TOKEN_HEADER_IDENTIFIER, None)
+            token = request.headers.get(KSP_TOKEN_HEADER_IDENTIFIER, None)
            ksp_user = request.headers.get(KSP_USER_HEADER_IDENTIFIER, None)
-            token_user = APIUserToken.get_user_from_token(ksp_token)

-            if ksp_user != token_user.username:
+            if not token and not ksp_user:
+                bearer_token = request.headers.get("authorization", None)
+                if not bearer_token:
+                    raise PermissionError("No token provided")
+                token = bearer_token.split(" ")[1]
+
+            token_user = APIUserToken.get_user_from_token(token)
+            if ksp_user and ksp_user != token_user.username:
                raise PermissionError(f"Invalid token for {ksp_user}")
-            else:
-                self.user = token_user
+            self.user = token_user

            request.user = self.user
            if not self.user.is_default_user():