Merge pull request #850 from coreos-inc/anonallowed
Recover by email needs to allow anon access to its endpoints
This commit is contained in:
josephschorr
commit
8e92e9be54
2 changed files with 5 additions and 1 deletions
|
|
@ -643,6 +643,7 @@ class Recovery(ApiResource):
|
|||
}
|
||||
|
||||
@nickname('requestRecoveryEmail')
|
||||
@anon_allowed
|
||||
@validate_json_request('RequestRecovery')
|
||||
def post(self):
|
||||
""" Request a password recovery email."""
|
||||
|
|
|
|||
|
|
@ -19,7 +19,7 @@ from util.invoice import renderInvoiceToPdf
|
|||
from util.seo import render_snapshot
|
||||
from util.cache import no_cache
|
||||
from endpoints.common import common_login, render_page_template, route_show_if, param_required
|
||||
from endpoints.decorators import anon_protect
|
||||
from endpoints.decorators import anon_protect, anon_allowed
|
||||
from endpoints.csrf import csrf_protect, generate_csrf_token, verify_csrf
|
||||
|
||||
from buildtrigger.customhandler import CustomBuildTrigger
|
||||
|
|
@ -366,6 +366,7 @@ def confirm_repo_email():
|
|||
|
||||
@web.route('/confirm', methods=['GET'])
|
||||
@route_show_if(features.MAILING)
|
||||
@anon_allowed
|
||||
def confirm_email():
|
||||
code = request.values['code']
|
||||
user = None
|
||||
|
|
@ -386,6 +387,8 @@ def confirm_email():
|
|||
|
||||
|
||||
@web.route('/recovery', methods=['GET'])
|
||||
@route_show_if(features.MAILING)
|
||||
@anon_allowed
|
||||
def confirm_recovery():
|
||||
code = request.values['code']
|
||||
user = model.user.validate_reset_code(code)
|
||||
|
|
|
|||
Reference in a new issue