From 3db4aba88635575b1efe4f18ee0eb4fba876c0a5 Mon Sep 17 00:00:00 2001
From: Ee Durbin
Date: Thu, 12 Dec 2024 09:02:09 -0500
Subject: [PATCH] case-insensitive header checks for _detect_origin
---
 tests/unit/integration/secrets/test_views.py | 8 ++++++--
 warehouse/integrations/secrets/views.py | 2 +-
 2 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/tests/unit/integration/secrets/test_views.py b/tests/unit/integration/secrets/test_views.py
index f6c365dd38f5..27693b6d1706 100644
--- a/tests/unit/integration/secrets/test_views.py
+++ b/tests/unit/integration/secrets/test_views.py
@@ -15,6 +15,8 @@
 import pretend
 import pytest
+from webob.headers import EnvironHeaders
+
 from warehouse.integrations.secrets import config, utils, views
@@ -36,7 +38,7 @@ class TestDiscloseToken:
 ),
 (
 config._github_origin,
- {
+ { # Test for case-insensitivity on header names
 "GitHub-Public-Key-Identifier": "foo",
 "GitHub-Public-Key-Signature": "bar",
 },
@@ -69,7 +71,9 @@ def test_disclose_token(
 api_url,
 api_token,
 ):
- pyramid_request.headers = headers
+ pyramid_request.headers = EnvironHeaders({})
+ for k, v in headers.items():
+ pyramid_request.headers[k] = v
 pyramid_request.body = "[1, 2, 3]"
 pyramid_request.json_body = [1, 2, 3]
 pyramid_request.registry.settings = settings
diff --git a/warehouse/integrations/secrets/views.py b/warehouse/integrations/secrets/views.py
index ad0c11ececb5..11e50f6e251f 100644
--- a/warehouse/integrations/secrets/views.py
+++ b/warehouse/integrations/secrets/views.py
@@ -21,7 +21,7 @@
 def _detect_origin(request):
 for origin in config.origins:
- if origin.headers.issubset(request.headers.keys()):
+ if all([k in request.headers for k in origin.headers]):
 return origin
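Review bot: The switch to `EnvironHeaders` in the setup of test_disclose_token is not explained, so a later cleanup could restore the plain dict, which matches header names case-sensitively and would no longer exercise origin detection the way a real request does. I would add a comment above the assignment, for example `# Use WebOb's real header mapping; a plain dict is case-sensitive and would hide the bug this test covers`. A parametrized case whose header names are all lowercase (such as `"github-public-key-identifier"`) would pin the case-insensitive behaviour more directly than relying on the mixed-case `GitHub-` spelling. test_disclose_token begins before this hunk and continues after it.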
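Review bot: The new membership test in `_detect_origin` relies on `request.headers` resolving names case-insensitively, but nothing in the code says so, and this function appears to select which origin's handling a token-disclosure request receives. A short comment such as `# request.headers looks names up case-insensitively; .keys() yields normalized names, so a set comparison can miss a match` would keep someone from reverting to the set form. The list brackets inside `all()` can also go, `if all(k in request.headers for k in origin.headers):`, so the check short-circuits without building a list. What the function returns when no origin matches, and how the caller handles that, is outside the hunk.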