Merge pull request #225 from p1c2u/fix/security-http-provider-fix

Security HTTP provider fix
2024-11-21 19:18:41 +00:00 · 2020-04-11 13:10:33 +01:00 · 2020-04-11 13:10:33 +01:00 · 1270d5a6b9
commit 1270d5a6b9
parent 2680b62ce7 e2ae4f35d0
4 changed files with 4 additions and 17 deletions
--- a/openapi_core/security/providers.py
+++ b/openapi_core/security/providers.py
@ -1,8 +1,6 @@
-import binascii
 import warnings

 from openapi_core.security.exceptions import SecurityError
-from openapi_core.security.util import b64decode


 class BaseProvider(object):
@ -40,7 +38,5 @@ class HttpProvider(BaseProvider):
        if auth_type.lower() != self.scheme.scheme.value:
            raise SecurityError(
                'Unknown authorization method %s' % auth_type)
-        try:
-            return b64decode(encoded_credentials).decode('latin1')
-        except binascii.Error:
-            raise SecurityError('Invalid base64 encoding.')
+
+        return encoded_credentials
--- a/openapi_core/security/util.py
+++ b/openapi_core/security/util.py
@ -1,9 +0,0 @@
-from base64 import urlsafe_b64decode
-
-
-def b64decode(s):
-    # Code from
-    # https://github.com/GehirnInc/python-jwt/blob/master/jwt/utils.py#L29
-    s_bin = s.encode('ascii')
-    s_bin += b'=' * (4 - len(s_bin) % 4)
-    return urlsafe_b64decode(s_bin)
--- a/tests/integration/validation/test_validators.py
+++ b/tests/integration/validation/test_validators.py
@ -283,7 +283,7 @@ class TestRequestValidator(object):
            },
        )
        assert result.security == {
-            'petstore_auth': self.api_key,
+            'petstore_auth': self.api_key_encoded,
        }


--- a/tests/unit/security/test_providers.py
+++ b/tests/unit/security/test_providers.py
@ -34,4 +34,4 @@ class TestHttpProvider(object):

        result = provider(request)

-        assert result == '1'
+        assert result == jwt