Handle missing or blank authorization header.

Peter Amstutz · Peter Amstutz · commit 58179f693727 · 2018-05-23T13:06:56.000-04:00
diff --git a/wes_service/arvados_wes.py b/wes_service/arvados_wes.py
@@ -13,8 +13,12 @@
 
 from wes_service.util import visit, WESBackend
 
+class MissingAuthorization(Exception):
+    pass
 
 def get_api():
+    if not connexion.request.headers.get('Authorization'):
+        raise MissingAuthorization()
     return arvados.api_from_config(version="v1", apiconfig={
         "ARVADOS_API_HOST": os.environ["ARVADOS_API_HOST"],
         "ARVADOS_API_TOKEN": connexion.request.headers['Authorization'],
@@ -43,6 +47,8 @@ def catch_exceptions_wrapper(self, *args, **kwargs):
             return {"msg": e._get_reason(), "status_code": e.resp.status}, int(e.resp.status)
         except subprocess.CalledProcessError as e:
             return {"msg": str(e), "status_code": 500}, 500
+        except MissingAuthorization:
+            return {"msg": "'Authorization' header is missing or empty, expecting Arvados API token", "status_code": 401}, 401
 
     return catch_exceptions_wrapper
 
@@ -111,6 +117,9 @@ def RunWorkflow(self, body):
         if body["workflow_type"] != "CWL" or body["workflow_type_version"] != "v1.0":  # NOQA
             return
 
+        if not connexion.request.headers.get('Authorization'):
+            raise MissingAuthorization()
+
         env = {
             "PATH": os.environ["PATH"],
             "ARVADOS_API_HOST": os.environ["ARVADOS_API_HOST"],
