Change non logged in 403s to 401s.
This commit is contained in:
jakedt
parent
7bd4b9a71c
commit
6fc369bed2
5 changed files with 163 additions and 158 deletions
|
|
@ -57,7 +57,12 @@ class InvalidToken(ApiException):
|
|||
|
||||
class Unauthorized(ApiException):
|
||||
def __init__(self, payload=None):
|
||||
ApiException.__init__(self, 'insufficient_scope', 403, 'Unauthorized', payload)
|
||||
user = get_authenticated_user()
|
||||
if user is None or user.organization:
|
||||
ApiException.__init__(self, 'invalid_token', 401, "Requires authentication", payload)
|
||||
else:
|
||||
ApiException.__init__(self, 'insufficient_scope', 403, 'Unauthorized', payload)
|
||||
|
||||
|
||||
|
||||
class NotFound(ApiException):
|
||||
|
|
@ -190,8 +195,7 @@ def require_user_permission(permission_class, scope=None):
|
|||
def wrapped(self, *args, **kwargs):
|
||||
user = get_authenticated_user()
|
||||
if not user:
|
||||
logger.debug('User is anonymous.')
|
||||
raise InvalidToken('Method requires an auth token or user login.')
|
||||
raise Unauthorized()
|
||||
|
||||
logger.debug('Checking permission %s for user', permission_class, user.username)
|
||||
permission = permission_class(user.username)
|
||||
|
|
@ -202,7 +206,7 @@ def require_user_permission(permission_class, scope=None):
|
|||
return wrapper
|
||||
|
||||
|
||||
require_user_read = require_user_permission(UserReadPermission, scopes.USER_READ)
|
||||
require_user_read = require_user_permission(UserReadPermission, scopes.READ_USER)
|
||||
require_user_admin = require_user_permission(UserAdminPermission, None)
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -8,13 +8,14 @@ from flask.ext.principal import identity_changed, AnonymousIdentity
|
|||
from app import app
|
||||
from endpoints.api import (ApiResource, nickname, resource, validate_json_request, request_error,
|
||||
log_action, internal_only, NotFound, Unauthorized, require_user_admin,
|
||||
require_user_read, InvalidToken)
|
||||
require_user_read, InvalidToken, require_scope)
|
||||
from endpoints.api.subscribe import subscribe
|
||||
from endpoints.common import common_login
|
||||
from data import model
|
||||
from data.plans import get_plan
|
||||
from auth.permissions import AdministerOrganizationPermission, CreateRepositoryPermission
|
||||
from auth.auth_context import get_authenticated_user
|
||||
from auth import scopes
|
||||
from util.gravatar import compute_hash
|
||||
from util.email import (send_confirmation_email, send_recovery_email,
|
||||
send_change_email)
|
||||
|
|
@ -108,13 +109,13 @@ class User(ApiResource):
|
|||
},
|
||||
}
|
||||
|
||||
@require_user_read
|
||||
@require_scope(scopes.READ_USER)
|
||||
@nickname('getLoggedInUser')
|
||||
def get(self):
|
||||
""" Get user information for the authenticated user. """
|
||||
user = get_authenticated_user()
|
||||
if user.organization:
|
||||
raise InvalidToken('User must not be an organization.')
|
||||
if user is None or user.organization:
|
||||
raise InvalidToken("Requires authentication", payload={'session_required': False})
|
||||
|
||||
return user_view(user)
|
||||
|
||||
|
|
|
|||
Reference in a new issue