From c73c71c9e98354ae2bb5f274b1ba85f3ec71aecf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Torma=20Krist=C3=B3f?= <tormakristof@tormakristof.eu>
Date: Thu, 26 Nov 2020 06:25:52 +0100
Subject: [PATCH] do not sign in when not necessary

---
 src/app.py       |  4 ++--
 src/resources.py | 15 ++-------------
 2 files changed, 4 insertions(+), 15 deletions(-)

diff --git a/src/app.py b/src/app.py
index 51dfc58..ca89d26 100644
--- a/src/app.py
+++ b/src/app.py
@@ -13,7 +13,7 @@ from marshm import ma
 from fred import flaskred
 from config import SENTRY_DSN, RELEASEMODE, RELEASE_ID, PORT, DEBUG, REDIS_URL, ALLOWED_ORIGINS
 from errorhandlers import register_all_error_handlers
-from resources import LoginApi, ListsApi, MeApi, SingleListApi, TrackApi
+from resources import LoginApi, ListsApi, MeApi, SingleListApi, ItemApi
 
 """
 Main Flask RESTful API
@@ -68,7 +68,7 @@ api.add_resource(LoginApi, '/api/auth/login')
 api.add_resource(MeApi, '/api/auth/me')
 api.add_resource(ListsApi, '/api/lists')
 api.add_resource(SingleListApi, '/api/lists/<listid>')
-api.add_resource(TrackApi, '/api/items/<itemid>')
+api.add_resource(ItemApi, '/api/items/<itemid>')
 
 app.add_url_rule("/healthz", "healthcheck", view_func=lambda: health.run())
 
diff --git a/src/resources.py b/src/resources.py
index 9caaaaa..6920cba 100644
--- a/src/resources.py
+++ b/src/resources.py
@@ -189,25 +189,16 @@ class SingleListApi(Resource):
         return retdata, 200
 
 
-class TrackApi(Resource):
+class ItemApi(Resource):
     """
     See: https://swagger.kmlabz.com/?urls.primaryName=onSpot%20Backend#/backend/getItem
     """
-    encryptor = EncryptedUserRedis(ENCODED_SECRET_KEY)
-
     def get(self, itemid: str):
-        try:
-            currcreds = self.encryptor.load(flaskred.get(request.headers.get('Authorization')).decode('UTF-8'))
-        except Exception as e:
-            current_app.logger.warning(e)
-            abort(401, "unauthorized")
         try:
             item_type = flaskred.get(itemid).decode('UTF-8')
         except Exception as e:
             current_app.logger.warning(e)
-            abort(404, "unknown list")
-        musicbrainzngs.auth(currcreds['name'], currcreds['password'])
-
+            abort(404, "unknown item")
         if item_type == 'release':
             currrelease = musicbrainzngs.get_release_by_id(itemid, includes=['artists'])['release']
             print(currrelease)
@@ -232,7 +223,5 @@ class TrackApi(Resource):
         else:
             abort(417, "wrong type of item")
 
-        musicbrainzngs.auth(None, None)
-
         retdata['type'] = item_type
         return retdata, 200