The /execute endpoint should require authentication as well

2020-11-28 15:28:09 +01:00 · 2020-11-28 15:28:09 +01:00 · 229b2de566
parent dea547a491
commit 229b2de566
3 changed files with 4 additions and 10 deletions
--- a/platypush/backend/http/app/routes/dashboard.py
+++ b/platypush/backend/http/app/routes/dashboard.py
@ -1,4 +1,4 @@
-from flask import Blueprint, request, render_template
+from flask import Blueprint, render_template

 from platypush.backend.http.app import template_folder
 from platypush.backend.http.app.utils import authenticate, get_websocket_port
@ -12,9 +12,10 @@ __routes__ = [
 ]


+# noinspection PyUnusedLocal
@dashboard.route('/dashboard/<name>', methods=['GET'])
@authenticate()
-def render_dashboard(*_, **__):
+def render_dashboard(name):
    """ Route for the dashboard """
    return render_template('index.html',
                           utils=HttpUtils,
--- a/platypush/backend/http/app/routes/execute.py
+++ b/platypush/backend/http/app/routes/execute.py
@ -14,7 +14,7 @@ __routes__ = [


@execute.route('/execute', methods=['POST'])
-@authenticate(skip_auth_methods=['session'])
+@authenticate()
 def execute():
    """ Endpoint to execute commands """
    try:
--- a/platypush/backend/http/webapp/src/utils/Api.vue
+++ b/platypush/backend/http/webapp/src/utils/Api.vue
@ -15,13 +15,6 @@ export default {
        request['type'] = 'request'
      }

-      // TODO Proper auth/token management
-      // if (window.config.token) {
-      //   opts.headers = {
-      //     'X-Token': window.config.token
-      //   }
-      // }
-
      if (timeout) {
        opts.timeout = timeout
      }