Merge branch 'validate-token-without-path' into 'master'

Fix bug in parsing tokens with pathless scope See merge request !54

Merge branch 'validate-token-without-path' into 'master'
8b2fe17e · Duncan Meacher · 3404574c · c0876a78 · 8b2fe17e
Commit 8b2fe17e authored 2 years ago by Duncan Meacher
--- a/gwdatafind_server/authentication.py
+++ b/gwdatafind_server/authentication.py
@@ -93,7 +93,14 @@ def _validate_scitoken(request):
        audience=audience,
    )

-    authz, path = scope.split(":", 1)
+    # parse authz operation and path (if present)
+    try:
+        authz, path = scope.split(":", 1)
+    except ValueError:
+        authz = scope
+        path = None
+
+    # test the token
    if not enforcer.test(token, authz, path):
        raise RuntimeError("token enforcement failed")
    current_app.logger.info('User SciToken authorised.')