From b1b4ecc1d7bc3aaffc6d8f88ad99709867c0dc14 Mon Sep 17 00:00:00 2001
From: Bryan Newbold <bnewbold@robocracy.org>
Date: Tue, 9 Apr 2019 22:01:21 -0700
Subject: don't require auth for editgroup annotations

Amazing that this bug found it's way through... because most testing is
from Python, and was having serious auth config leakage with
python_client.

We're still in 0.x, and this is such a small/eggregious bug that i'm not
going to tag as a backwards-incompatible schema update (but will note in
CHANGELOG).
---
 rust/fatcat-api-spec/src/server.rs | 2 --
 1 file changed, 2 deletions(-)

(limited to 'rust/fatcat-api-spec/src/server.rs')

diff --git a/rust/fatcat-api-spec/src/server.rs b/rust/fatcat-api-spec/src/server.rs
index af13948e..90b4d19a 100644
--- a/rust/fatcat-api-spec/src/server.rs
+++ b/rust/fatcat-api-spec/src/server.rs
@@ -4196,8 +4196,6 @@ where
                 context.auth_data = req.extensions.remove::<AuthData>();
                 context.authorization = req.extensions.remove::<Authorization>();
 
-                let authorization = context.authorization.as_ref().ok_or_else(|| Response::with((status::Forbidden, "Unauthenticated".to_string())))?;
-
                 // Path parameters
                 let param_editgroup_id = {
                     let param = req
-- 
cgit v1.2.3