From b1b4ecc1d7bc3aaffc6d8f88ad99709867c0dc14 Mon Sep 17 00:00:00 2001 From: Bryan Newbold Date: Tue, 9 Apr 2019 22:01:21 -0700 Subject: don't require auth for editgroup annotations Amazing that this bug found it's way through... because most testing is from Python, and was having serious auth config leakage with python_client. We're still in 0.x, and this is such a small/eggregious bug that i'm not going to tag as a backwards-incompatible schema update (but will note in CHANGELOG). --- fatcat-openapi2.yml | 2 -- python_client/fatcat_client/api/default_api.py | 2 +- rust/fatcat-api-spec/README.md | 2 +- rust/fatcat-api-spec/api.yaml | 2 -- rust/fatcat-api-spec/api/swagger.yaml | 2 -- rust/fatcat-api-spec/src/server.rs | 2 -- 6 files changed, 2 insertions(+), 10 deletions(-) diff --git a/fatcat-openapi2.yml b/fatcat-openapi2.yml index 76f51e63..4d3443de 100644 --- a/fatcat-openapi2.yml +++ b/fatcat-openapi2.yml @@ -2854,8 +2854,6 @@ paths: operationId: "get_editgroup_annotations" tags: # TAGLINE - edit-lifecycle # TAGLINE - security: - - Bearer: [] parameters: - name: expand in: query diff --git a/python_client/fatcat_client/api/default_api.py b/python_client/fatcat_client/api/default_api.py index 2acc0aac..7083ca1b 100644 --- a/python_client/fatcat_client/api/default_api.py +++ b/python_client/fatcat_client/api/default_api.py @@ -5063,7 +5063,7 @@ class DefaultApi(object): ['application/json']) # noqa: E501 # Authentication setting - auth_settings = ['Bearer'] # noqa: E501 + auth_settings = [] # noqa: E501 return self.api_client.call_api( '/editgroup/{editgroup_id}/annotations', 'GET', diff --git a/rust/fatcat-api-spec/README.md b/rust/fatcat-api-spec/README.md index b9f07e75..5730bf18 100644 --- a/rust/fatcat-api-spec/README.md +++ b/rust/fatcat-api-spec/README.md @@ -13,7 +13,7 @@ To see how to make this your own, look here: [README](https://github.com/swagger-api/swagger-codegen/blob/master/README.md) - API version: 0.2.0 -- Build date: 2019-01-29T04:18:53.539Z +- Build date: 2019-04-10T04:59:58.690Z This autogenerated project defines an API crate `fatcat` which contains: * An `Api` trait defining the API in Rust. diff --git a/rust/fatcat-api-spec/api.yaml b/rust/fatcat-api-spec/api.yaml index 76f51e63..4d3443de 100644 --- a/rust/fatcat-api-spec/api.yaml +++ b/rust/fatcat-api-spec/api.yaml @@ -2854,8 +2854,6 @@ paths: operationId: "get_editgroup_annotations" tags: # TAGLINE - edit-lifecycle # TAGLINE - security: - - Bearer: [] parameters: - name: expand in: query diff --git a/rust/fatcat-api-spec/api/swagger.yaml b/rust/fatcat-api-spec/api/swagger.yaml index e8b8650d..f70b434c 100644 --- a/rust/fatcat-api-spec/api/swagger.yaml +++ b/rust/fatcat-api-spec/api/swagger.yaml @@ -6929,8 +6929,6 @@ paths: uppercase_operation_id: "GET_EDITGROUP_ANNOTATIONS" uppercase_data_type: "ERRORRESPONSE" producesJson: true - security: - - Bearer: [] operation_id: "get_editgroup_annotations" uppercase_operation_id: "GET_EDITGROUP_ANNOTATIONS" path: "/editgroup/:editgroup_id/annotations" diff --git a/rust/fatcat-api-spec/src/server.rs b/rust/fatcat-api-spec/src/server.rs index af13948e..90b4d19a 100644 --- a/rust/fatcat-api-spec/src/server.rs +++ b/rust/fatcat-api-spec/src/server.rs @@ -4196,8 +4196,6 @@ where context.auth_data = req.extensions.remove::(); context.authorization = req.extensions.remove::(); - let authorization = context.authorization.as_ref().ok_or_else(|| Response::with((status::Forbidden, "Unauthenticated".to_string())))?; - // Path parameters let param_editgroup_id = { let param = req -- cgit v1.2.3