Check .well-known before getting login and password
cosmetic change
This commit is contained in:
parent
1bd4e6abbe
commit
c9a78908e8
@ -420,6 +420,10 @@ class Application:
|
|||||||
# Get function corresponding to method
|
# Get function corresponding to method
|
||||||
function = getattr(self, "do_%s" % environ["REQUEST_METHOD"].upper())
|
function = getattr(self, "do_%s" % environ["REQUEST_METHOD"].upper())
|
||||||
|
|
||||||
|
# If "/.well-known" is not available, clients query "/"
|
||||||
|
if path == "/.well-known" or path.startswith("/.well-known/"):
|
||||||
|
return response(*NOT_FOUND)
|
||||||
|
|
||||||
# Ask authentication backend to check rights
|
# Ask authentication backend to check rights
|
||||||
external_login = self.Auth.get_external_login(environ)
|
external_login = self.Auth.get_external_login(environ)
|
||||||
authorization = environ.get("HTTP_AUTHORIZATION", "")
|
authorization = environ.get("HTTP_AUTHORIZATION", "")
|
||||||
@ -435,10 +439,6 @@ class Application:
|
|||||||
password = ""
|
password = ""
|
||||||
user = self.Auth.map_login_to_user(login)
|
user = self.Auth.map_login_to_user(login)
|
||||||
|
|
||||||
# If "/.well-known" is not available, clients query "/"
|
|
||||||
if path == "/.well-known" or path.startswith("/.well-known/"):
|
|
||||||
return response(*NOT_FOUND)
|
|
||||||
|
|
||||||
if not user:
|
if not user:
|
||||||
is_authenticated = True
|
is_authenticated = True
|
||||||
elif not storage.is_safe_path_component(user):
|
elif not storage.is_safe_path_component(user):
|
||||||
|
Loading…
Reference in New Issue
Block a user