GET /api/v3_0/assets/public should ask for token authentication (#649)

* GET /assets/public should ask for token authentication, as it's meant to be used via JSON Signed-off-by: Nicolas Höning <nicolas@seita.nl> * add changelog entry Signed-off-by: Nicolas Höning <nicolas@seita.nl> --------- Signed-off-by: Nicolas Höning <nicolas@seita.nl>
FlexMeasures · Apr 26, 2023 · 3de5975 · 3de5975
1 parent ec5b036
commit 3de5975
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 2 deletions.
diff --git a/documentation/changelog.rst b/documentation/changelog.rst
@@ -23,6 +23,7 @@ Bugfixes
 -----------
 
 * Fix copy button on tutorials and other documentation, so that only commands are copied and no output or comments [see `PR #636 <https://www.github.com/FlexMeasures/flexmeasures/pull/636>`_]
+* GET /api/v3_0/assets/public should ask for token authentication and not forward to login page [see `PR #649 <https://www.github.com/FlexMeasures/flexmeasures/pull/649>`_]
 
 Infrastructure / Support
 ----------------------

diff --git a/flexmeasures/api/v3_0/assets.py b/flexmeasures/api/v3_0/assets.py
@@ -2,7 +2,7 @@
 
 from flask import current_app
 from flask_classful import FlaskView, route
-from flask_security import login_required
+from flask_security import auth_token_required
 from flask_json import as_json
 from marshmallow import fields
 from webargs.flaskparser import use_kwargs, use_args
@@ -81,7 +81,7 @@ def index(self, account: Account):
         return assets_schema.dump(account.generic_assets), 200
 
     @route("/public", methods=["GET"])
-    @login_required
+    @auth_token_required
     @as_json
     def public(self):
         """Return all public assets.

diff --git a/flexmeasures/api/v3_0/tests/test_assets_api.py b/flexmeasures/api/v3_0/tests/test_assets_api.py
@@ -102,13 +102,22 @@ def test_get_assets(
         assert turbine["account_id"] == setup_accounts["Supplier"].id
 
 
+def test_get_public_assets_noauth(client, setup_api_test_data, setup_accounts):
+    get_assets_response = client.get(
+        url_for("AssetAPI:public"), headers={"content-type": "application/json"}
+    )
+    print("Server responded with:\n%s" % get_assets_response.json)
+    assert get_assets_response.status_code == 401
+
+
 def test_get_public_assets(client, setup_api_test_data, setup_accounts):
     auth_token = get_auth_token(client, "test_admin_user@seita.nl", "testtest")
     get_assets_response = client.get(
         url_for("AssetAPI:public"),
         headers={"content-type": "application/json", "Authorization": auth_token},
     )
     print("Server responded with:\n%s" % get_assets_response.json)
+    assert get_assets_response.status_code == 200
     assert len(get_assets_response.json) == 1
     assert get_assets_response.json[0]["name"] == "troposphere"