Merge branch '23f5287a-6c5e-4484-be6f-bb7f38a48180' into 'master'

Remove --auth option from server commands

Closes #7

See merge request bugseverywhere/bugseverywhere!8

1 files changed, 2 insertions, 13 deletions

diff --git a/libbe/command/serve_commands.py b/libbe/command/serve_commands.py
index 30b4a69..c2a1be8 100644
--- a/libbe/command/serve_commands.py
+++ b/libbe/command/serve_commands.py
@@ -80,7 +80,6 @@ class ServerApp (libbe.util.wsgi.WSGI_AppObject,
 
     # handlers
     def run(self, environ, start_response):
-        self.check_login(environ)
         data = self.post_data(environ)
         source = 'post'
         try:
@@ -113,15 +112,6 @@ class ServerApp (libbe.util.wsgi.WSGI_AppObject,
     def _parse_post(self, post):
         return libbe.storage.util.mapfile.parse(post)
 
-    def check_login(self, environ):
-        user = environ.get('be-auth.user', None)
-        if user is not None:  # we're running under AuthenticationApp
-            if environ['REQUEST_METHOD'] == 'POST':
-                # TODO: better detection of commands requiring writes
-                if user == 'guest' or self.storage.is_writeable() == False:
-                    raise _Unauthorized() # only non-guests allowed to write
-            # allow read-only commands for all users
-
     def _notify(self, environ, command, id, params):
         message = self._format_notification(environ, command, id, params)
         self._submit_notification(message)
@@ -179,9 +169,8 @@ And in another terminal (or after backgrounding the server)::
     $ be --server http://localhost:8000/ list
 
 If you bind your server to a public interface, take a look at the
-``--read-only`` option or the combined ``--ssl --auth FILE``
-options so other people can't mess with your repository.  If you do use
-authentication, you'll need to send in your username and password::
+``--read-only`` option so other people can't mess with your
+repository.
 
     $ be --server http://username:password@localhost:8000/ list
 """