# KSP Token optimization

* adds support for standardized bearer token usage instead of ksptoken/kspuser header usage (still supported)

api/models/token.py

@@ -51,7 +51,7 @@ class APIUserToken(models.Model):
             if token_obj.valid_until is not None and token_obj.valid_until < _today:
                 raise PermissionError("Token validity expired")
         except ObjectDoesNotExist:
-            raise PermissionError("Credentials invalid")
+            raise PermissionError("Token unknown")
         return token_obj.user
 
 

api/views/views.py

@@ -50,14 +50,19 @@ class AbstractAPIView(View):
     def dispatch(self, request, *args, **kwargs):
         try:
             # Fetch the proper user from the given request header token
-            ksp_token = request.headers.get(KSP_TOKEN_HEADER_IDENTIFIER, None)
+            token = request.headers.get(KSP_TOKEN_HEADER_IDENTIFIER, None)
             ksp_user = request.headers.get(KSP_USER_HEADER_IDENTIFIER, None)
-            token_user = APIUserToken.get_user_from_token(ksp_token)
 
-            if ksp_user != token_user.username:
+            if not token and not ksp_user:
+                bearer_token = request.headers.get("authorization", None)
+                if not bearer_token:
+                    raise PermissionError("No token provided")
+                token = bearer_token.split(" ")[1]
+
+            token_user = APIUserToken.get_user_from_token(token)
+            if ksp_user and ksp_user != token_user.username:
                 raise PermissionError(f"Invalid token for {ksp_user}")
-            else:
+            self.user = token_user
-                self.user = token_user
 
             request.user = self.user
             if not self.user.is_default_user():