Check .well-known before getting login and password

cosmetic change
This commit is contained in:
Unrud 2017-09-17 14:03:44 +02:00
parent 1bd4e6abbe
commit c9a78908e8

View File

@ -420,6 +420,10 @@ class Application:
# Get function corresponding to method # Get function corresponding to method
function = getattr(self, "do_%s" % environ["REQUEST_METHOD"].upper()) function = getattr(self, "do_%s" % environ["REQUEST_METHOD"].upper())
# If "/.well-known" is not available, clients query "/"
if path == "/.well-known" or path.startswith("/.well-known/"):
return response(*NOT_FOUND)
# Ask authentication backend to check rights # Ask authentication backend to check rights
external_login = self.Auth.get_external_login(environ) external_login = self.Auth.get_external_login(environ)
authorization = environ.get("HTTP_AUTHORIZATION", "") authorization = environ.get("HTTP_AUTHORIZATION", "")
@ -435,10 +439,6 @@ class Application:
password = "" password = ""
user = self.Auth.map_login_to_user(login) user = self.Auth.map_login_to_user(login)
# If "/.well-known" is not available, clients query "/"
if path == "/.well-known" or path.startswith("/.well-known/"):
return response(*NOT_FOUND)
if not user: if not user:
is_authenticated = True is_authenticated = True
elif not storage.is_safe_path_component(user): elif not storage.is_safe_path_component(user):