Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

GET /api/v3_0/assets/public should ask for token authentication #649

Merged
merged 2 commits into from Apr 26, 2023
Merged

GET /api/v3_0/assets/public should ask for token authentication #649

merged 2 commits into from Apr 26, 2023

Conversation

nhoening
Copy link
Contributor

... as it's meant to be used via JSON

@nhoening
GET /assets/public should ask for token authentication, as it's meant…
35b0056 
… to be used via JSON

Signed-off-by: Nicolas Höning <nicolas@seita.nl>
@nhoening
Copy link
Contributor Author

Does this require a changelof entry?

@coveralls
Copy link
Collaborator

coveralls commented Apr 25, 2023
edited

Pull Request Test Coverage Report for Build 4807223105

  • 2 of 2 (100.0%) changed or added relevant lines in 1 file are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage remained the same at 64.812%
Totals Coverage Status
Change from base Build 4787293963: 0.0%
Covered Lines: 7082
Relevant Lines: 10171
💛 - Coveralls

@nhoening nhoening requested a review from GustaafL April 25, 2023 13:39
GustaafL
GustaafL approved these changes Apr 26, 2023
View reviewed changes
Copy link
Contributor

@GustaafL GustaafL left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good. I checked if the frontend has any dependencies on this that require changes but I believe it doesn't. Everything also still works.

@Flix6x Flix6x changed the title GET /assets/public should ask for token authentication GET /api/v3_0/assets/public should ask for token authentication Apr 26, 2023
Flix6x
Flix6x reviewed Apr 26, 2023
View reviewed changes
Copy link
Contributor

@Flix6x Flix6x left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A big UX difference between using those decorators is that @login_required leads to forwarding the agent to the login page, whereas @auth_token_required leads to returning a "unauthenticated" JSON message. In other words, I would classify this as a bug, and would recommend adding a changelog entry.

@Flix6x
Copy link
Contributor

Flix6x commented Apr 26, 2023

Idea for letting all API views subclass APIView, and letting all UI views subclass UIView, defined as follows:

class APIView(FlaskView):
    trailing_slash = False
    decorators = [auth_required()]


class UIView(FlaskView):
    decorators = [login_required()]

@nhoening
add changelog entry
ea8d989 
Signed-off-by: Nicolas Höning <nicolas@seita.nl>
@nhoening
Copy link
Contributor Author

Nice. But this further entrenches the use of Flask-Classful. On the PR there which blocks us, people are asking officially if the project is abandoned.

@nhoening nhoening merged commit 3de5975 into main Apr 26, 2023
5 checks passed
@nhoening nhoening deleted the token-auth-on-public-asset-API branch April 26, 2023 09:56
@Flix6x Flix6x added this to the 0.13.0 milestone May 1, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Flix6x Flix6x Flix6x left review comments

@GustaafL GustaafL GustaafL approved these changes

Assignees
No one assigned
Labels
API Auth
Projects
None yet
Milestone
0.13.0
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@nhoening @coveralls @Flix6x @GustaafL