0

I have my ionic as frontend, which append a Bearer Token in each Request. My Tornado server is already configured for CORS. The problem is when I activate my decorator to check if that request has 'Authorization' header, I don't why, that header disappeared. There's no 'Authorization' header. But If I disable this header, everything is ok and tornado show me that header.

Any idea?

I override RequestHandler set_default_headers method

With these headers:

 set_default_headers(self):
        self.set_header("Access-Control-Allow-Origin", "*")
        self.set_header("Access-Control-Allow-Headers", "authorization")
        self.set_header('Access-Control-Allow-Methods', 'POST, GET, OPTIONS')

Decorator

class EvaluationHandler(RequestHandler)

def get(self):
 print(handler.request.headers) <--- Good headers

My token decorator to check it:

def jwtauth(handler_class):
    def wrap_execute(handler_execute):
        def require_auth(handler, kwargs):
            auth = handler.request.headers.get('Authorization', None)
            print(handler.request.headers) <---- Bad Headers
            print(auth)
            if auth:
                if not loginRepository.validToken(auth):
                    return_header_error(handler)
            else:
                return_header_error(handler)
                handler._transforms = []
                handler.write(MISSING_AUTHORIZATION_KEY)
                handler.finish()

            return True

        def _execute(self, transforms, *args, **kwargs):
            try:
                require_auth(self, kwargs)
            except Exception:
                return False

            return handler_execute(self, transforms, *args, **kwargs)

        return _execute

    handler_class._execute = wrap_execute(handler_class._execute)
    return handler_class

EDIT: the problem could be custom decorator is taking is own header configuration, but I don't know how to do it anyway

xyres
  • 20,487
  • 3
  • 56
  • 85
Victor Vallecillo
  • 1
  • 2

1 Answers1

0

If the only function of the decorator is to check for certain headers, a better way to do that would be in the prepare method to make things easier. 

EvaluationHandler(RequestHandler):
    def prepare(self):
        auth = self.request.headers.get('Authorization', None)

        if not auth:
            ...
            return self.finish()
xyres
  • 20,487
  • 3
  • 56
  • 85
  • But how can I do it with a custom decorator? In this case, decorator can be really useful. – Victor Vallecillo Apr 29 '19 at 08:21
  • @VictorVallecillo I can't really say: I've never used decorators on my classes. Creating base classes pretty much eliminates the need for decorators. Can you give any examples like how it would be useful? – xyres Apr 30 '19 at 03:25
  • https://stackoverflow.com/questions/4842978/decorator-pattern-versus-sub-classing – Victor Vallecillo Apr 30 '19 at 09:42