Login/Register
Flask unable to read Authorization header on ElasticBeanstalk
Asked Answered
python-3.xamazon-web-serviceswsgiamazon-elastic-beanstalkflask-peewee
A

2

26

I have deployed a Flask app to AWS ElasticBeanstalk. The app is unable to read the 'Authorization' header in requests.

Error log reports:

KeyError: 'HTTP_AUTHORIZATION'

Error traced to:

@application.before_request
    def before_request():
       try:
          token = request.headers['Authorization'].split(' ')[-1]
          user = User.get(token=token)
          g.user = user
       except ValueError as e:
        abort(401)

Application directory:

app/
    .elasticbeanstalk
    application.py
    virt
    .ebignore
    requirements.txt

Environment configuration sets the WSGIPath to application.py:

aws:elasticbeanstalk:container:python:
 NumProcesses: '1'
 NumThreads: '15'
 StaticFiles: /static/=static/
 WSGIPath: application.py

Environment runs Python 3.6 and the following components:

Click==7.0
Flask==1.0.2
Flask-RESTful==0.3.7
itsdangerous==1.1.0
Jinja2==2.10
MarkupSafe==1.1.1
peewee==3.9.2
psycopg2==2.7.7
python-dotenv==0.10.1
pytz==2018.9
six==1.12.0
Werkzeug==0.14.1

Is anything else required?

Attempted (unsuccessful) solution:

I have burnt many hours on this, and have attempted to configure WSGIPassAuthorization, (as per advice here and elsewhere) however, I have not been successful.

Application directory containing workaround:

app/
    .elasticbeanstalk
    .ebextensions/
        wsgi_custom.config
    application.py
    virt
    .ebignore
    requirements.txt

When I attempt to create the eb environment containing .ebextensions/wsgi_custom.config the EB CLI reports an error saying that the YAML is not valid:

    ERROR: InvalidParameterValueError - The configuration file .ebextensions/wsgi_custom.config in application version app-190310_100513 contains invalid YAML or JSON. YAML exception: Invalid Yaml: while scanning a simple key
 in "<reader>", line 7, column 5:
        WSGIPassAuthorization On
        ^
could not found expected ':'
 in "<reader>", line 7, column 29:
    On
      ^
, JSON exception: Invalid JSON: Unexpected character (f) at position 0.. Update the configuration file.

Contents of .ebextensions/wsgi_custom.config:

    files:
       "/etc/httpd/conf.d/wsgi_custom.conf":
         mode: "000644"
         owner: root
         group: root
         content: |
           WSGIPassAuthorization On

My YAML validation tool reports valid YAML.

Note: editor is set to use spaces, as per AWS YAML advice.

Amphibolite answered 10/3, 2019 at 0:59 Comment(1)
Thanks - Solution 1 worked great for me.Carolanncarole
I
0

Solved YAML validation errors in the example above. I believe the validation errors were a red herring. The .conf file mentioned in the script now has a valid name.

Contents of .ebextensions/wsgi_custom.config:

    files:
  "/etc/httpd/conf.d/wsgihacks.conf":
    mode: "000644"
    owner: root
    group: root
    content: |
      WSGIPassAuthorization On
Ineluctable answered 10/3, 2019 at 0:59 Comment(0)
I
0

Set WSGIPassAuthorization on ElasticBeanstalk using container_commands.

Step 1. Create .ebextensions/wsgi_custom.config:

app/
    .elasticbeanstalk
    .ebextensions/
        wsgi_custom.config
    application.py
    virt
    .ebignore
    requirements.txt

wsgi_custom.config:

container_commands:
    01wsgipass:
        command: 'echo "WSGIPassAuthorization On" >> ../wsgi.conf'

Step 2. Restart EB environment.

Flask app can now read 'Authorization' header in requests.

Ineluctable answered 10/3, 2019 at 0:59 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.