GET /api/v3_0/assets/public should ask for token authentication

flexmeasures/api/v3_0/assets.py

@@ -2,7 +2,7 @@
 
 from flask import current_app
 from flask_classful import FlaskView, route
-from flask_security import login_required
+from flask_security import auth_token_required
 from flask_json import as_json
 from marshmallow import fields
 from webargs.flaskparser import use_kwargs, use_args
@@ -81,7 +81,7 @@ def index(self, account: Account):
         return assets_schema.dump(account.generic_assets), 200
 
     @route("/public", methods=["GET"])
-    @login_required
+    @auth_token_required
     @as_json
     def public(self):
         """Return all public assets.

flexmeasures/api/v3_0/tests/test_assets_api.py

@@ -102,13 +102,22 @@ def test_get_assets(
         assert turbine["account_id"] == setup_accounts["Supplier"].id
 
 
+def test_get_public_assets_noauth(client, setup_api_test_data, setup_accounts):
+    get_assets_response = client.get(
+        url_for("AssetAPI:public"), headers={"content-type": "application/json"}
+    )
+    print("Server responded with:\n%s" % get_assets_response.json)
+    assert get_assets_response.status_code == 401
+
+
 def test_get_public_assets(client, setup_api_test_data, setup_accounts):
     auth_token = get_auth_token(client, "test_admin_user@seita.nl", "testtest")
     get_assets_response = client.get(
         url_for("AssetAPI:public"),
         headers={"content-type": "application/json", "Authorization": auth_token},
     )
     print("Server responded with:\n%s" % get_assets_response.json)
+    assert get_assets_response.status_code == 200
     assert len(get_assets_response.json) == 1
     assert get_assets_response.json[0]["name"] == "troposphere"