try catch is magic

moulinette/interfaces/__init__.py

@@ -259,10 +259,7 @@ class BaseActionsMapParser(object):
                 raise MoulinetteError("error_see_log")
 
         # -- 'authenticator'
-        if "authenticator" in configuration:
-            auth = configuration["authenticator"]
-        else:
-            auth = "default"
+        auth = configuration.get("authenticator", "default")
         if not is_global and isinstance(auth, str):
             # Store needed authenticator profile
             if auth not in self.global_conf["authenticator"]:

moulinette/interfaces/api.py

@@ -407,7 +407,10 @@ class _ActionsMapPlugin(object):
         # We check that there's a (signed) session.hash available
         # for additional security ?
         # (An attacker could not craft such signed hashed ? (FIXME : need to make sure of this))
+        try:
             s_secret = self.secrets[s_id]
+        except KeyError:
+            s_secret = {}
         if profile not in request.get_cookie(
             "session.tokens", secret=s_secret, default={}
         ):