From b1b4ecc1d7bc3aaffc6d8f88ad99709867c0dc14 Mon Sep 17 00:00:00 2001
From: Bryan Newbold <bnewbold@robocracy.org>
Date: Tue, 9 Apr 2019 22:01:21 -0700
Subject: don't require auth for editgroup annotations

Amazing that this bug found it's way through... because most testing is
from Python, and was having serious auth config leakage with
python_client.

We're still in 0.x, and this is such a small/eggregious bug that i'm not
going to tag as a backwards-incompatible schema update (but will note in
CHANGELOG).
---
 rust/fatcat-api-spec/README.md        | 2 +-
 rust/fatcat-api-spec/api.yaml         | 2 --
 rust/fatcat-api-spec/api/swagger.yaml | 2 --
 rust/fatcat-api-spec/src/server.rs    | 2 --
 4 files changed, 1 insertion(+), 7 deletions(-)

(limited to 'rust')

diff --git a/rust/fatcat-api-spec/README.md b/rust/fatcat-api-spec/README.md
index b9f07e75..5730bf18 100644
--- a/rust/fatcat-api-spec/README.md
+++ b/rust/fatcat-api-spec/README.md
@@ -13,7 +13,7 @@ To see how to make this your own, look here:
 [README](https://github.com/swagger-api/swagger-codegen/blob/master/README.md)
 
 - API version: 0.2.0
-- Build date: 2019-01-29T04:18:53.539Z
+- Build date: 2019-04-10T04:59:58.690Z
 
 This autogenerated project defines an API crate `fatcat` which contains:
 * An `Api` trait defining the API in Rust.
diff --git a/rust/fatcat-api-spec/api.yaml b/rust/fatcat-api-spec/api.yaml
index 76f51e63..4d3443de 100644
--- a/rust/fatcat-api-spec/api.yaml
+++ b/rust/fatcat-api-spec/api.yaml
@@ -2854,8 +2854,6 @@ paths:
       operationId: "get_editgroup_annotations"
       tags: # TAGLINE
         - edit-lifecycle # TAGLINE
-      security:
-        - Bearer: []
       parameters:
         - name: expand
           in: query
diff --git a/rust/fatcat-api-spec/api/swagger.yaml b/rust/fatcat-api-spec/api/swagger.yaml
index e8b8650d..f70b434c 100644
--- a/rust/fatcat-api-spec/api/swagger.yaml
+++ b/rust/fatcat-api-spec/api/swagger.yaml
@@ -6929,8 +6929,6 @@ paths:
           uppercase_operation_id: "GET_EDITGROUP_ANNOTATIONS"
           uppercase_data_type: "ERRORRESPONSE"
           producesJson: true
-      security:
-      - Bearer: []
       operation_id: "get_editgroup_annotations"
       uppercase_operation_id: "GET_EDITGROUP_ANNOTATIONS"
       path: "/editgroup/:editgroup_id/annotations"
diff --git a/rust/fatcat-api-spec/src/server.rs b/rust/fatcat-api-spec/src/server.rs
index af13948e..90b4d19a 100644
--- a/rust/fatcat-api-spec/src/server.rs
+++ b/rust/fatcat-api-spec/src/server.rs
@@ -4196,8 +4196,6 @@ where
                 context.auth_data = req.extensions.remove::<AuthData>();
                 context.authorization = req.extensions.remove::<Authorization>();
 
-                let authorization = context.authorization.as_ref().ok_or_else(|| Response::with((status::Forbidden, "Unauthenticated".to_string())))?;
-
                 // Path parameters
                 let param_editgroup_id = {
                     let param = req
-- 
cgit v1.2.3