From aa1664eea00c4bc8ed392800aa1ebf4ab5692063 Mon Sep 17 00:00:00 2001
From: Eli Ribble <eli@authentise.com>
Date: Tue, 17 May 2016 15:12:17 -0600
Subject: [PATCH] Make the GET /session/ endpoint work with auth

If we don't reorder this logic then we'll never set up the user's
information so that GET /session/ has the data it needs to show the
session information.
---
 vanth/auth.py | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/vanth/auth.py b/vanth/auth.py
index 09ac394..0c65dcd 100644
--- a/vanth/auth.py
+++ b/vanth/auth.py
@@ -6,6 +6,7 @@ import sepiida.routing
 import vanth.platform.user
 
 PUBLIC_ENDPOINTS = [
+    'session.get',
     'session.post',
     'about.get',
 ]
@@ -25,9 +26,6 @@ def require_user():
     if not endpoint():
         return flask.make_response('Resource not found', 404)
 
-    if endpoint() in PUBLIC_ENDPOINTS:
-        return
-
     if 'user_uri' not in flask.session:
         raise vanth.errors.AuthenticationException(
             status_code = 403,
@@ -37,7 +35,7 @@ def require_user():
 
     _, params = sepiida.routing.extract_parameters(flask.current_app, 'GET', flask.session['user_uri'])
     user = vanth.platform.user.by_filter({'uuid': [str(params['uuid'])]})
-    if not user:
+    if not user and endpoint() not in PUBLIC_ENDPOINTS:
         raise vanth.errors.AuthenticationException(
             status_code = 403,
             error_code  = 'invalid-user',