diff options
author | Bryan Newbold <bnewbold@robocracy.org> | 2019-04-09 22:01:21 -0700 |
---|---|---|
committer | Bryan Newbold <bnewbold@robocracy.org> | 2019-04-09 22:01:24 -0700 |
commit | b1b4ecc1d7bc3aaffc6d8f88ad99709867c0dc14 (patch) | |
tree | 38481a83ad3bbcf16d7c78923a9da355efc42e1e /rust/fatcat-api-spec/src/server.rs | |
parent | 1655a55f61658664d437bd2a018e6eb1243dfbfc (diff) | |
download | fatcat-b1b4ecc1d7bc3aaffc6d8f88ad99709867c0dc14.tar.gz fatcat-b1b4ecc1d7bc3aaffc6d8f88ad99709867c0dc14.zip |
don't require auth for editgroup annotations
Amazing that this bug found it's way through... because most testing is
from Python, and was having serious auth config leakage with
python_client.
We're still in 0.x, and this is such a small/eggregious bug that i'm not
going to tag as a backwards-incompatible schema update (but will note in
CHANGELOG).
Diffstat (limited to 'rust/fatcat-api-spec/src/server.rs')
-rw-r--r-- | rust/fatcat-api-spec/src/server.rs | 2 |
1 files changed, 0 insertions, 2 deletions
diff --git a/rust/fatcat-api-spec/src/server.rs b/rust/fatcat-api-spec/src/server.rs index af13948e..90b4d19a 100644 --- a/rust/fatcat-api-spec/src/server.rs +++ b/rust/fatcat-api-spec/src/server.rs @@ -4196,8 +4196,6 @@ where context.auth_data = req.extensions.remove::<AuthData>(); context.authorization = req.extensions.remove::<Authorization>(); - let authorization = context.authorization.as_ref().ok_or_else(|| Response::with((status::Forbidden, "Unauthenticated".to_string())))?; - // Path parameters let param_editgroup_id = { let param = req |