From 9af1553353e8fb837e5c4323531dda8e69dc8915 Mon Sep 17 00:00:00 2001
From: Duda Dornelles <ddornell@thoughtworks.com>
Date: Fri, 13 Feb 2015 11:56:58 -0200
Subject: Making sure that no private key can be retrieved by the KeysResource

---
 service/pixelated/resources/keys_resource.py | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

(limited to 'service/pixelated/resources/keys_resource.py')

diff --git a/service/pixelated/resources/keys_resource.py b/service/pixelated/resources/keys_resource.py
index f8affb73..8afb2bf6 100644
--- a/service/pixelated/resources/keys_resource.py
+++ b/service/pixelated/resources/keys_resource.py
@@ -8,13 +8,18 @@ from twisted.web.resource import Resource
 
 class KeysResource(Resource):
 
+    isLeaf = True
+
     def __init__(self, keymanager):
         Resource.__init__(self)
         self._keymanager = keymanager
 
     def render_GET(self, request):
         def finish_request(key):
-            respond_json_deferred(key.get_json(), request)
+            if key.private:
+                respond_json_deferred(None, request, status_code=401)
+            else:
+                respond_json_deferred(key.get_json(), request)
 
         def key_not_found(_):
             respond_json_deferred(None, request, status_code=404)
-- 
cgit v1.2.3