You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@allura.apache.org by he...@apache.org on 2015/10/15 21:00:56 UTC
[09/42] allura git commit: Allow token auth over http when in debug
mode
Allow token auth over http when in debug mode
Project: http://git-wip-us.apache.org/repos/asf/allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/allura/commit/93be1519
Tree: http://git-wip-us.apache.org/repos/asf/allura/tree/93be1519
Diff: http://git-wip-us.apache.org/repos/asf/allura/diff/93be1519
Branch: refs/heads/hs/7919
Commit: 93be151997c74d269fd4ed0cd1081a1eb48e2b0a
Parents: 2bdcb95
Author: Heith Seewald <hs...@hsmb.local>
Authored: Fri Oct 9 12:25:38 2015 -0400
Committer: Heith Seewald <hs...@hsmb.local>
Committed: Fri Oct 9 12:25:38 2015 -0400
----------------------------------------------------------------------
Allura/allura/controllers/rest.py | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/allura/blob/93be1519/Allura/allura/controllers/rest.py
----------------------------------------------------------------------
diff --git a/Allura/allura/controllers/rest.py b/Allura/allura/controllers/rest.py
index 2578fa2..30d28d9 100644
--- a/Allura/allura/controllers/rest.py
+++ b/Allura/allura/controllers/rest.py
@@ -21,8 +21,9 @@
import logging
import oauth2 as oauth
+from paste.util.converters import asbool
from webob import exc
-from tg import expose, flash, redirect
+from tg import expose, flash, redirect, config
from pylons import tmpl_context as c, app_globals as g
from pylons import request, response
@@ -117,7 +118,8 @@ class OAuthNegotiator(object):
# handle bearer tokens
# skip https check if auth invoked from tests
testing = request.environ.get('paste.testing', False)
- if not testing and request.scheme != 'https':
+ debug = asbool(config.get('debug', False))
+ if not testing and request.scheme != 'https' and not debug:
request.environ['pylons.status_code_redirect'] = True
raise exc.HTTPForbidden
access_token = M.OAuthAccessToken.query.get(api_key=access_token)