diff --git a/myice/webapi.py b/myice/webapi.py index 3c43f4c..5d88139 100644 --- a/myice/webapi.py +++ b/myice/webapi.py @@ -89,9 +89,8 @@ class AuthHeaders(BaseModel): # Decode JWT header and payload (without verification for simplicity in this example) parts = token.split(".") if len(parts) != 3: - # If not a standard JWT, treat as opaque token - # For now, we'll accept any non-empty token as valid for testing - return len(token) > 0 + # Reject opaque or malformed tokens + return False # Decode payload (part 1) payload = parts[1] @@ -110,10 +109,9 @@ class AuthHeaders(BaseModel): return True except Exception as e: + # Log the validation error but do NOT authenticate on failure print(f"Token validation error: {e}") - # Even if we can't validate the token, if it exists, we'll accept it for now - # This is for development/testing purposes only - return len(self.token()) > 0 + return False class HealthCheck(BaseModel):