From 9fe4ea478d22d7dfb2638eee8a8b2246f90af002 Mon Sep 17 00:00:00 2001
From: "Kali Kaneko (leap communications)" <kali@leap.se>
Date: Mon, 12 Dec 2016 01:43:51 +0100
Subject: [refactor] reorganize API

so that whitelisting doesn't have to peek into the data.
added more documentation and some tests stubs too.
---
 src/leap/bitmask/core/web/_auth.py   | 3 ---
 src/leap/bitmask/core/web/service.py | 8 +++++++-
 2 files changed, 7 insertions(+), 4 deletions(-)

(limited to 'src/leap/bitmask/core/web')

diff --git a/src/leap/bitmask/core/web/_auth.py b/src/leap/bitmask/core/web/_auth.py
index 6a5e362..3eb4fa1 100644
--- a/src/leap/bitmask/core/web/_auth.py
+++ b/src/leap/bitmask/core/web/_auth.py
@@ -18,9 +18,6 @@ class WhitelistHTTPAuthSessionWrapper(HTTPAuthSessionWrapper):
     It doesn't apply the enforcement to routes included in a whitelist.
     """
 
-    # TODO extend this to inspect the data -- so that we pass a tuple
-    # with the action
-
     whitelist = (None,)
 
     def __init__(self, *args, **kw):
diff --git a/src/leap/bitmask/core/web/service.py b/src/leap/bitmask/core/web/service.py
index 2437d2d..77e1c72 100644
--- a/src/leap/bitmask/core/web/service.py
+++ b/src/leap/bitmask/core/web/service.py
@@ -59,7 +59,13 @@ class HTTPDispatcherService(service.Service):
     """
 
     API_WHITELIST = (
-        '/API/bonafide/user',
+        '/API/core/version',
+        '/API/core/stats',
+        '/API/bonafide/user/create',
+        '/API/bonafide/user/authenticate',
+        '/API/bonafide/provider/list',
+        '/API/bonafide/provider/create',
+        '/API/bonafide/provider/read',
     )
 
     def __init__(self, core, port=7070, debug=False, onion=False):
-- 
cgit v1.2.3