The effect of this setting will be:

/-/create-tokens interface is no longer available
Incoming dstok_ tokens are no longer respected by the following code:

datasette/datasette/default_permissions.py

Lines 52 to 72 in b29e487

    
           @hookimpl 
        
           def actor_from_request(datasette, request): 
        
               prefix = "dstok_" 
        
               authorization = request.headers.get("authorization") 
        
               if not authorization: 
        
                   return None 
        
               if not authorization.startswith("Bearer "): 
        
                   return None 
        
               token = authorization[len("Bearer ") :] 
        
               if not token.startswith(prefix): 
        
                   return None 
        
               token = token[len(prefix) :] 
        
               try: 
        
                   decoded = datasette.unsign(token, namespace="token") 
        
               except itsdangerous.BadSignature: 
        
                   return None 
        
               expires_at = decoded.get("e") 
        
               if expires_at is not None: 
        
                   if expires_at < time.time(): 
        
                       return None 
        
               return {"id": decoded["a"], "dstok": True}

	@hookimpl
	def actor_from_request(datasette, request):
	prefix = "dstok_"
	authorization = request.headers.get("authorization")
	if not authorization:
	return None
	if not authorization.startswith("Bearer "):
	return None
	token = authorization[len("Bearer ") :]
	if not token.startswith(prefix):
	return None
	token = token[len(prefix) :]
	try:
	decoded = datasette.unsign(token, namespace="token")
	except itsdangerous.BadSignature:
	return None
	expires_at = decoded.get("e")
	if expires_at is not None:
	if expires_at < time.time():
	return None
	return {"id": decoded["a"], "dstok": True}

Uh oh!

allow_signed_tokens setting for disabling API signed token mechanism #1856

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions