diff --git a/tests/test_api.py b/tests/test_api.py
index e9549e32749b7cc597e5920036e0627432d56961..a77e302db02d231fd2ab6c2c16775b407e837de2 100644
--- a/tests/test_api.py
+++ b/tests/test_api.py
@@ -10,10 +10,6 @@ def basic_auth(username, password):
 class TestAPIAuth(UffdTestCase):
 def setUpApp(self):
- self.app.config['API_CLIENTS'] = {
- 'testtoken1': {'scopes': ['testscope']},
- 'testtoken2': {},
- }
 self.app.config['API_CLIENTS_2'] = {
 'test1': {'client_secret': 'testsecret1', 'scopes': ['getusers', 'testscope']},
 'test2': {'client_secret': 'testsecret2'},
@@ -56,26 +52,6 @@ class TestAPIAuth(UffdTestCase):
 r = self.client.get(path=url_for('testendpoint3'), headers=[basic_auth('test2', 'testsecret2')], follow_redirects=True)
 self.assertEqual(r.status_code, 403)
- def test_bearer(self):
- r = self.client.get(path=url_for('testendpoint1'), headers=[('Authorization', 'Bearer testtoken1')], follow_redirects=True)
- self.assertEqual(r.status_code, 200)
- r = self.client.get(path=url_for('testendpoint2'), headers=[('Authorization', 'Bearer testtoken1')], follow_redirects=True)
- self.assertEqual(r.status_code, 200)
- r = self.client.get(path=url_for('testendpoint3'), headers=[('Authorization', 'Bearer testtoken1')], follow_redirects=True)
- self.assertEqual(r.status_code, 200)
- r = self.client.get(path=url_for('testendpoint1'), headers=[('Authorization', 'Bearer testtoken2')], follow_redirects=True)
- self.assertEqual(r.status_code, 200)
- r = self.client.get(path=url_for('testendpoint2'), headers=[('Authorization', 'Bearer testtoken2')], follow_redirects=True)
- self.assertEqual(r.status_code, 200)
-
- def test_bearer_invalid_credentials(self):
- r = self.client.get(path=url_for('testendpoint1'), headers=[('Authorization', 'Bearer testtoken-none')], follow_redirects=True)
- self.assertEqual(r.status_code, 401)
-
- def test_bearer_missing_scope(self):
- r = self.client.get(path=url_for('testendpoint3'), headers=[('Authorization', 'Bearer testtoken2')], follow_redirects=True)
- self.assertEqual(r.status_code, 401)
-
 def test_no_auth(self):
 r = self.client.get(path=url_for('testendpoint1'), follow_redirects=True)
 self.assertEqual(r.status_code, 401)
diff --git a/uffd/api/views.py b/uffd/api/views.py
index 9b6dba63c8257dea947fbfbb395974ee2b14ffc6..cf793deb16623e16e152f89306a0a2000f41db09 100644
--- a/uffd/api/views.py
+++ b/uffd/api/views.py
@@ -22,20 +22,8 @@ def apikey_required(scope=None):
 return 'Unauthorized', 401, {'WWW-Authenticate': ['Basic realm="api"']}
 if scope is not None and scope not in client.get('scopes', []):
 return 'Forbidden', 403
- # To be removed in uffd v2
- elif 'Authorization' in request.headers and request.headers['Authorization'].startswith('Bearer '):
- token = request.headers['Authorization'][7:].strip()
- client = None
- for client_token, data in current_app.config['API_CLIENTS'].items():
- if secrets.compare_digest(client_token, token):
- client = data
- if client is None:
- return 'Unauthorized', 401, {'WWW-Authenticate': 'Bearer error="invalid_token"'}
- client_scopes = ['getusers'] + client.get('scopes', [])
- if scope is not None and scope not in client_scopes:
- return 'Unauthorized', 401, {'WWW-Authenticate': 'Bearer error="insufficient_scope",scope="%s"'%scope}
 else:
- return 'Unauthorized', 401, {'WWW-Authenticate': ['Bearer', 'Basic realm="api"']}
+ return 'Unauthorized', 401, {'WWW-Authenticate': ['Basic realm="api"']}
 return func(*args, **kwargs)
 return decorator
 return wrapper
diff --git a/uffd/default_config.cfg b/uffd/default_config.cfg
index 22018830e360f85441a5ffcd14072af4e461ce2f..f869cc67923252917892d9dd64a7a2cc3fa69d4a 100644
--- a/uffd/default_config.cfg
+++ b/uffd/default_config.cfg
@@ -60,11 +60,6 @@ OAUTH2_CLIENTS={
 # Set 'login_message' (or suffixed with a language code like 'login_message_de') to display a custom message on the login form.
 }
-# Deprecated, will be removed in uffd v2
-API_CLIENTS={
- #'token': {'scopes': ['checkpassword']}
-}
-
 API_CLIENTS_2={
 #'test_client_id' : {'client_secret': 'random_secret', 'scopes': ['users', 'checkpassword']},
 # Scopes:
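Review bot: With the Bearer branch removed, an `API_CLIENTS` entry still present in a deployed config is silently ignored: the operator keeps what looks like a live secret on disk, while a caller that still sends `Authorization: Bearer …` falls into the final `else` and gets a bare 401 with no signal that the scheme was retired. A guard where the config is loaded (outside this hunk) would make the removal loud rather than silent, e.g. `if 'API_CLIENTS' in app.config: raise ValueError('API_CLIENTS was removed; migrate clients to API_CLIENTS_2')`, or at minimum a logged warning at startup. The hunk also deletes the only visible use of `secrets.compare_digest`; if the Basic-auth branch above the hunk does not use `secrets`, the import in views.py is now dead and should be dropped. `apikey_required` begins before the hunk, so the Basic-auth path and the decorator's parameter handling are not visible here.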