ExternalVendorCode/balena-supervisor
1
0
Fork 0
mirror of https://github.com/balena-os/balena-supervisor.git synced 2025-02-21 18:06:47 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

api-keys: Remove os variant parameter for authentication check

Browse Source 
The current code authenticates unmanaged production devices which makes
no sense. Unmanaged devices do not need to authenticate with the API.

Change-type: patch
Signed-off-by: Alex Gonzalez <alexg@balena.io>
This commit is contained in:
Alex Gonzalez 2021-07-27 16:57:20 +00:00
parent 1abd10a129
commit 9e0cbe04c6
1 changed files with 3 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/lib/api-keys.ts
View File

@ -125,12 +125,10 @@ export const authMiddleware: AuthorizedRequestHandler = async (
};
try {
const conf = await config.getMany(['localMode', 'unmanaged', 'osVariant']);
const conf = await config.getMany(['localMode', 'unmanaged']);
// we only need to check the API key if a) unmanaged and on a production image, or b) managed and not in local mode
const needsAuth = conf.unmanaged
? conf.osVariant === 'prod'
: !conf.localMode;
// we only need to check the API key if managed and not in local mode
const needsAuth = !conf.unmanaged && !conf.localMode;
// no need to authenticate, shortcut
if (!needsAuth) {