app: Fail when giving invalid API keys

When an API key is passed, fail in the case of an invalid API key even
if an API key is not required. This allows the user to know that the API
key is invalid. Otherwise, they work under the assumption that the API
key is correct, even though it is not.
Mufeed Ali 2022-02-20 13:36:29 +05:30
parent 8962de8755
commit 933c96914b
No known key found for this signature in database
GPG key ID: 5B93F7B4CC99C769


@ -174,11 +174,19 @@ def create_app(args):
if flood.has_violation(ip): if flood.has_violation(ip):
flood.decrease(ip) flood.decrease(ip)
if args.api_keys and args.require_api_key_origin: if args.api_keys:
ak = get_req_api_key() ak = get_req_api_key()
if ( if (
api_keys_db.lookup(ak) is None and request.headers.get("Origin") != args.require_api_key_origin ak and api_keys_db.lookup(ak) is None
):
abort(
403,
description="Invalid API key",
)
elif (
args.require_api_key_origin
and api_keys_db.lookup(ak) is None
and request.headers.get("Origin") != args.require_api_key_origin
): ):
abort( abort(
403, 403,