mirror of
https://github.com/simonw/datasette.git
synced 2026-07-10 01:24:45 +02:00
Invalid dstok_ tokens - bad signature, malformed payload, expired, or presented while allow_signed_tokens is off - previously degraded the request to anonymous, so clients saw a 403 permission error or worse, a 200 with anonymous-visible data. Token handlers can now raise TokenInvalid for tokens they recognize but reject; Datasette responds with 401, the canonical JSON error body and a WWW-Authenticate: Bearer error="invalid_token" header, even when a valid cookie is also present. Bearer tokens no registered handler recognizes are still ignored, so authentication plugins with their own token formats keep working. TokenInvalid is exported from the datasette package for use by plugin token handlers. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01GrHZSypDfMnym1tM5XJAFZ
9 lines
507 B
Python
9 lines
507 B
Python
from datasette.permissions import Permission # noqa
|
|
from datasette.version import __version_info__, __version__ # noqa
|
|
from datasette.events import Event # noqa
|
|
from datasette.tokens import TokenHandler, TokenInvalid, TokenRestrictions # noqa
|
|
from datasette.utils.asgi import Forbidden, NotFound, Request, Response # noqa
|
|
from datasette.utils import actor_matches_allow # noqa
|
|
from datasette.views import Context # noqa
|
|
from .hookspecs import hookimpl # noqa
|
|
from .hookspecs import hookspec # noqa
|