Cookie Token Preference Over Authorization Header

ISSUE_NUMBER: GH-016
## Description
The `checkAuth` function in `middleware/checkAuth.py` prioritizes the JWT token from the cookie over the `Authorization` header. This behavior might be unintentional and could lead to security issues.
**File:** `repositories/jobflowapi/middleware/checkAuth.py`
**Line:** 13
**Severity:** medium
### Current Behavior
The code retrieves the token from `request.cookies.get('token') or request.headers.get('Authorization')`. This means that if both the cookie and the header contain a token, the cookie token will be used.
### Expected Behavior
The code should either prioritize the `Authorization` header or provide a mechanism to configure the preferred token source.
### Suggested Fix
Modify the code to prioritize the `Authorization` header or provide a configuration option to select the preferred token source.
### Code Context
```python
token = request.cookies.get('token') or request.headers.get('Authorization')
```
### Additional Notes
This could allow an attacker to inject a malicious cookie and bypass authentication.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Cookie Token Preference Over Authorization Header #43

Description

Current Behavior

Expected Behavior

Suggested Fix

Code Context

Additional Notes

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Cookie Token Preference Over Authorization Header #43

Description

Description

Current Behavior

Expected Behavior

Suggested Fix

Code Context

Additional Notes

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions