Handle disabled situation

3 years ago · fba4b6747e
parent 4cf2d9d7aa
commit fba4b6747e
2 changed files with 5 additions and 4 deletions
--- a/changedetectionio/api/auth.py
+++ b/changedetectionio/api/auth.py
@ -10,6 +10,10 @@ def check_token(f):
    def decorated(*args, **kwargs):
        datastore = args[0].datastore

+        config_api_token_enabled = datastore.data['settings']['application'].get('api_access_token_enabled')
+        if not config_api_token_enabled:
+            return
+
        try:
            api_key_header = request.headers['x-api-key']
        except KeyError:
@ -18,9 +22,8 @@ def check_token(f):
            )

        config_api_token = datastore.data['settings']['application'].get('api_access_token')
-        config_api_token_enabled = datastore.data['settings']['application'].get('api_access_token_enabled')

-        if config_api_token_enabled and api_key_header != config_api_token:
+        if api_key_header != config_api_token:
            return make_response(
                jsonify("Invalid access - API key invalid."), 403
            )
--- a/changedetectionio/tests/test_api.py
+++ b/changedetectionio/tests/test_api.py
@ -198,8 +198,6 @@ def test_access_denied(client, live_server):
        follow_redirects=True
    )

-#    with open('/tmp/f.html', 'wb') as f:
-#        f.write(res.data)
    assert b"Settings updated." in res.data

    res = client.get(