From fe0928490feffb8125ba33f031e994af5811677a Mon Sep 17 00:00:00 2001
From: Lars Wirzenius <lwirzenius@wikimedia.org>
Date: Mon, 1 Jul 2019 18:27:29 +0300
Subject: Change: api.py to require hello scope for /hello endpoint

---
 api.py | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/api.py b/api.py
index 0eb850f..d593260 100644
--- a/api.py
+++ b/api.py
@@ -31,12 +31,13 @@ class AccessChecker:
             logging.error('No valid access token')
             return False
 
-        scopes = token.get('scope', '').split()
-        missing = set(required_scopes).difference(scopes)
-        if missing:
-            logging.error(
-                'Required scopes that are missing from token: %r', missing)
-            return False
+        if token:
+            scopes = token.get('scope', '').split()
+            missing = set(required_scopes).difference(scopes)
+            if missing:
+                logging.error(
+                    'Required scopes that are missing from token: %r', missing)
+                return False
 
         return True
 
@@ -101,7 +102,7 @@ class Controller(API):
                 'method': 'GET',
                 'path': '/hello/<name>',
                 'func': self._hello,
-                'scopes': [],
+                'scopes': ['hello'],
             },
         ]
 
-- 
cgit v1.2.1