You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@allura.apache.org by br...@apache.org on 2015/10/09 23:51:49 UTC

allura git commit: Allow token auth over http when in debug mode

Repository: allura
Updated Branches:
  refs/heads/master 2bdcb95a3 -> 93be15199


Allow token auth over http when in debug mode


Project: http://git-wip-us.apache.org/repos/asf/allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/allura/commit/93be1519
Tree: http://git-wip-us.apache.org/repos/asf/allura/tree/93be1519
Diff: http://git-wip-us.apache.org/repos/asf/allura/diff/93be1519

Branch: refs/heads/master
Commit: 93be151997c74d269fd4ed0cd1081a1eb48e2b0a
Parents: 2bdcb95
Author: Heith Seewald <hs...@hsmb.local>
Authored: Fri Oct 9 12:25:38 2015 -0400
Committer: Heith Seewald <hs...@hsmb.local>
Committed: Fri Oct 9 12:25:38 2015 -0400

----------------------------------------------------------------------
 Allura/allura/controllers/rest.py | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/allura/blob/93be1519/Allura/allura/controllers/rest.py
----------------------------------------------------------------------
diff --git a/Allura/allura/controllers/rest.py b/Allura/allura/controllers/rest.py
index 2578fa2..30d28d9 100644
--- a/Allura/allura/controllers/rest.py
+++ b/Allura/allura/controllers/rest.py
@@ -21,8 +21,9 @@
 import logging
 
 import oauth2 as oauth
+from paste.util.converters import asbool
 from webob import exc
-from tg import expose, flash, redirect
+from tg import expose, flash, redirect, config
 from pylons import tmpl_context as c, app_globals as g
 from pylons import request, response
 
@@ -117,7 +118,8 @@ class OAuthNegotiator(object):
             # handle bearer tokens
             # skip https check if auth invoked from tests
             testing = request.environ.get('paste.testing', False)
-            if not testing and request.scheme != 'https':
+            debug = asbool(config.get('debug', False))
+            if not testing and request.scheme != 'https' and not debug:
                 request.environ['pylons.status_code_redirect'] = True
                 raise exc.HTTPForbidden
             access_token = M.OAuthAccessToken.query.get(api_key=access_token)