Make shared threads fully public.,

ansari-project · Apr 1, 2024 · d3e314e · d3e314e
1 parent 138ed0d
commit d3e314e
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 14 deletions.
diff --git a/main_api.py b/main_api.py
@@ -324,26 +324,19 @@ def share_thread(
 def get_snapshot(
     share_uuid_str: str,
     cors_ok: bool = Depends(validate_cors),
-    token_params: dict = Depends(db.validate_token),
 ):
     """
     Take a snapshot of a thread at this time and make it shareable.
 
     """
     logger.info(f"Incoming share_uuid is {share_uuid_str}")
     share_uuid = uuid.UUID(share_uuid_str)
-    if cors_ok and token_params:
-        logger.info(f"Token_params is {token_params}")
-        # TODO(mwk): check that the user_id in the token matches the
-        # user_id associated with the thread_id.
-        try:
-            content = db.get_snapshot(share_uuid)
-            return {"status": "success", "content": content}
-        except psycopg2.Error as e:
-            logger.critical(f"Error: {e}")
-            raise HTTPException(status_code=500, detail="Database error")
-    else:
-        raise HTTPException(status_code=403, detail="CORS not permitted")
+    try:
+        content = db.get_snapshot(share_uuid)
+        return {"status": "success", "content": content}
+    except psycopg2.Error as e:
+        logger.critical(f"Error: {e}")
+        raise HTTPException(status_code=500, detail="Database error")
 
 
 @app.get("/api/v2/threads/{thread_id}")

diff --git a/tests/test_main_api.py b/tests/test_main_api.py
@@ -272,7 +272,8 @@ async def test_share_thread(login_user, create_thread):
     response = client.get(
         f"api/v2/share/{share_uuid}",
         headers={
-            "Authorization": f"Bearer {login_user}",
+            # NOTE: We do not need to pass the Authorization header here
+            # Accessing a shared thread does not require authentication
             "x-mobile-ansari": "ANSARI",
         },
     )