From 7a608b4fb0754434dfb338b27949f0d3e7437ee1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Frimberger?= <andre@frimberger.de>
Date: Sun, 9 Feb 2020 17:21:22 +0100
Subject: [PATCH 1/2] fix binascii.Error with reverse proxy bearer token

When an authenticating reverse proxy (e.g. Keycloak Gatekeeper) adds a Bearer token in the Authorization header, every request fails with HTTP status code 500.  The corresponding error in the logs is: binascii.Error: Incorrect padding.
Despite "reverse_proxy_header_login" is enabled, calibre-web tries first to base64decode the bearer token and fails. This patch just reverses the order in which the authentication methods  are checked.
---
 cps/web.py | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/cps/web.py b/cps/web.py
index ab38f3d4..a98cb6e1 100644
--- a/cps/web.py
+++ b/cps/web.py
@@ -123,13 +123,7 @@ def load_user(user_id):
 
 
 @lm.request_loader
-def load_user_from_request(request):
-    auth_header = request.headers.get("Authorization")
-    if auth_header:
-        user = load_user_from_auth_header(auth_header)
-        if user:
-            return user
-
+def load_user_from_request(request):    
     if config.config_allow_reverse_proxy_header_login:
         rp_header_name = config.config_reverse_proxy_login_header_name
         if rp_header_name:
@@ -138,6 +132,12 @@ def load_user_from_request(request):
                 user = _fetch_user_by_name(rp_header_username)
                 if user:
                     return user
+    
+    auth_header = request.headers.get("Authorization")
+    if auth_header:
+        user = load_user_from_auth_header(auth_header)
+        if user:
+            return user
 
     return
 

From 33cdf20cd5c1e71f2d2e20ac6dcf9799777a3dd7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Frimberger?= <andre@frimberger.de>
Date: Sun, 16 Feb 2020 10:25:01 +0100
Subject: [PATCH 2/2] Remove trailing whitespaces

---
 cps/web.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cps/web.py b/cps/web.py
index a98cb6e1..ac4bfc28 100644
--- a/cps/web.py
+++ b/cps/web.py
@@ -132,7 +132,7 @@ def load_user_from_request(request):
                 user = _fetch_user_by_name(rp_header_username)
                 if user:
                     return user
-    
+
     auth_header = request.headers.get("Authorization")
     if auth_header:
         user = load_user_from_auth_header(auth_header)