From 2bda81c59fa62c1236b11a59f822bb97d10289b6 Mon Sep 17 00:00:00 2001 From: Laurent Peuch Date: Mon, 27 Aug 2018 20:31:56 +0200 Subject: [PATCH] [enh] make auth works --- cli.py | 4 ++++ run.py | 10 +++++----- 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/cli.py b/cli.py index 8fe5ac8..8a53d9a 100644 --- a/cli.py +++ b/cli.py @@ -39,6 +39,10 @@ def request_api(path, domain, verb, data): json=data, ) + if response.status_code == 403: + print(f"Error: access refused because '{response.json()['status']}'") + sys.exit(1) + # TODO: real error message assert response.status_code == 200, response.content assert response.content == b"ok", response.content diff --git a/run.py b/run.py index f669528..135b361 100644 --- a/run.py +++ b/run.py @@ -333,11 +333,11 @@ def require_token(): # run some method that checks the request # for the client's authorization status if "X-Token" not in request.headers: - return json({'status': 'you need to provide a token to access the API, please refer to the README'}, 403) + return response.json({'status': 'you need to provide a token to access the API, please refer to the README'}, 403) if not os.path.exists("tokens"): api_logger.warning("No tokens available and a user is trying to access the API") - return json({'status': 'invalide token'}, 403) + return response.json({'status': 'invalide token'}, 403) async with aiofiles.open('tokens', mode='r') as f: tokens = await f.read() @@ -347,10 +347,10 @@ def require_token(): if token not in tokens: api_logger.warning(f"someone tried to access the API using the {token} but it's not a valid token in the 'tokens' file") - return json({'status': 'invalide token'}, 403) + return response.json({'status': 'invalide token'}, 403) - response = await f(request, *args, **kwargs) - return response + result = await f(request, *args, **kwargs) + return result return decorated_function return decorator