Handle disabled situation

API-interface
dgtlmoon 3 years ago
parent 4cf2d9d7aa
commit fba4b6747e

@ -10,6 +10,10 @@ def check_token(f):
def decorated(*args, **kwargs): def decorated(*args, **kwargs):
datastore = args[0].datastore datastore = args[0].datastore
config_api_token_enabled = datastore.data['settings']['application'].get('api_access_token_enabled')
if not config_api_token_enabled:
return
try: try:
api_key_header = request.headers['x-api-key'] api_key_header = request.headers['x-api-key']
except KeyError: except KeyError:
@ -18,9 +22,8 @@ def check_token(f):
) )
config_api_token = datastore.data['settings']['application'].get('api_access_token') config_api_token = datastore.data['settings']['application'].get('api_access_token')
config_api_token_enabled = datastore.data['settings']['application'].get('api_access_token_enabled')
if config_api_token_enabled and api_key_header != config_api_token: if api_key_header != config_api_token:
return make_response( return make_response(
jsonify("Invalid access - API key invalid."), 403 jsonify("Invalid access - API key invalid."), 403
) )

@ -198,8 +198,6 @@ def test_access_denied(client, live_server):
follow_redirects=True follow_redirects=True
) )
# with open('/tmp/f.html', 'wb') as f:
# f.write(res.data)
assert b"Settings updated." in res.data assert b"Settings updated." in res.data
res = client.get( res = client.get(

Loading…
Cancel
Save