diff options
| author | Bryan Newbold <bnewbold@robocracy.org> | 2019-04-09 22:01:21 -0700 | 
|---|---|---|
| committer | Bryan Newbold <bnewbold@robocracy.org> | 2019-04-09 22:01:24 -0700 | 
| commit | b1b4ecc1d7bc3aaffc6d8f88ad99709867c0dc14 (patch) | |
| tree | 38481a83ad3bbcf16d7c78923a9da355efc42e1e /rust/fatcat-api-spec/src | |
| parent | 1655a55f61658664d437bd2a018e6eb1243dfbfc (diff) | |
| download | fatcat-b1b4ecc1d7bc3aaffc6d8f88ad99709867c0dc14.tar.gz fatcat-b1b4ecc1d7bc3aaffc6d8f88ad99709867c0dc14.zip | |
don't require auth for editgroup annotations
Amazing that this bug found it's way through... because most testing is
from Python, and was having serious auth config leakage with
python_client.
We're still in 0.x, and this is such a small/eggregious bug that i'm not
going to tag as a backwards-incompatible schema update (but will note in
CHANGELOG).
Diffstat (limited to 'rust/fatcat-api-spec/src')
| -rw-r--r-- | rust/fatcat-api-spec/src/server.rs | 2 | 
1 files changed, 0 insertions, 2 deletions
| diff --git a/rust/fatcat-api-spec/src/server.rs b/rust/fatcat-api-spec/src/server.rs index af13948e..90b4d19a 100644 --- a/rust/fatcat-api-spec/src/server.rs +++ b/rust/fatcat-api-spec/src/server.rs @@ -4196,8 +4196,6 @@ where                  context.auth_data = req.extensions.remove::<AuthData>();                  context.authorization = req.extensions.remove::<Authorization>(); -                let authorization = context.authorization.as_ref().ok_or_else(|| Response::with((status::Forbidden, "Unauthenticated".to_string())))?; -                  // Path parameters                  let param_editgroup_id = {                      let param = req | 
