From 61296bc03a4057d4d986dcf8e1d232029284d062 Mon Sep 17 00:00:00 2001
From: Patrick Uiterwijk <puiterwijk@redhat.com>
Date: Feb 12 2017 12:45:03 +0000
Subject: Actually check requires_valid_token in API calls


This change will make sure that if a token is not provided in a call
that requires API tokens, we return a sane error message.

Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Reviewed-by: Howard Johnson <merlin@merlinthp.org>

---

diff --git a/ipsilon/providers/openidc/api.py b/ipsilon/providers/openidc/api.py
index 66c5802..222347b 100644
--- a/ipsilon/providers/openidc/api.py
+++ b/ipsilon/providers/openidc/api.py
@@ -207,6 +207,9 @@ class APIRequest(ProviderPageBase):
             # Bearer token
             token = post_args['access_token']
             self._handle_token_authentication(token)
+        if self.requires_valid_token and not self.api_token:
+            self.error('No token provided in call that requires one')
+            raise APIError(403, 'no_token_provided')
 
     def require_scope(self, scope):
         if scope not in self.api_scopes: