Change non logged in 403s to 401s.
parent
7bd4b9a71c
commit
6fc369bed2
5 changed files with 163 additions and 158 deletions
|
@ -8,13 +8,14 @@ from flask.ext.principal import identity_changed, AnonymousIdentity
|
|||
from app import app
|
||||
from endpoints.api import (ApiResource, nickname, resource, validate_json_request, request_error,
|
||||
log_action, internal_only, NotFound, Unauthorized, require_user_admin,
|
||||
require_user_read, InvalidToken)
|
||||
require_user_read, InvalidToken, require_scope)
|
||||
from endpoints.api.subscribe import subscribe
|
||||
from endpoints.common import common_login
|
||||
from data import model
|
||||
from data.plans import get_plan
|
||||
from auth.permissions import AdministerOrganizationPermission, CreateRepositoryPermission
|
||||
from auth.auth_context import get_authenticated_user
|
||||
from auth import scopes
|
||||
from util.gravatar import compute_hash
|
||||
from util.email import (send_confirmation_email, send_recovery_email,
|
||||
send_change_email)
|
||||
|
@ -108,13 +109,13 @@ class User(ApiResource):
|
|||
},
|
||||
}
|
||||
|
||||
@require_user_read
|
||||
@require_scope(scopes.READ_USER)
|
||||
@nickname('getLoggedInUser')
|
||||
def get(self):
|
||||
""" Get user information for the authenticated user. """
|
||||
user = get_authenticated_user()
|
||||
if user.organization:
|
||||
raise InvalidToken('User must not be an organization.')
|
||||
if user is None or user.organization:
|
||||
raise InvalidToken("Requires authentication", payload={'session_required': False})
|
||||
|
||||
return user_view(user)
|
||||
|
||||
|
|
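Review bot: In `User.get`, the merged check `if user is None or user.organization:` answers an already authenticated organization account with "Requires authentication", so a failure that no login can fix is reported as a missing login and the earlier 'User must not be an organization.' message is lost. Splitting it keeps the new 401 path for anonymous callers and the specific error for organizations: `if user is None: raise InvalidToken("Requires authentication", payload={'session_required': False})`, followed by the previous `if user.organization:` branch unchanged. Judging by the swap from `@require_user_read` to `@require_scope(scopes.READ_USER)`, the logged-in-user check now appears to live only in the handler body rather than in the decorator. If that is the case, a short comment on the `user is None` line should say so, and every other handler converted the same way needs the same guard before it dereferences `user`. The +/- markers are lost on this page, so which lines are old and which are new is inferred from the import change in the first hunk.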