Merge pull request #54 from gocardless/hmac/fix-access-token-auth

Don't require authentication for creating access tokens
gocardless · Aug 22, 2018 · f31b9a0 · f31b9a0
2 parents ff264bb + d67e595
commit f31b9a0
Show file tree

Hide file tree

Showing 4 changed files with 87 additions and 10 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -6,6 +6,12 @@ Unreleased
 
 Nothing
 
+2.0.1
+-----
+
+- Fix bug where the `POST /access_tokens` route was behind authentication,
+  preventing users from authenticating for the first time.
+
 2.0.0
 -----
 

diff --git a/DRAUPNIR_VERSION b/DRAUPNIR_VERSION
@@ -1 +1 @@
-2.0.0
+2.0.1
diff --git a/Gopkg.lock b/Gopkg.lock
diff --git a/main.go b/main.go
@@ -201,8 +201,15 @@ func main() {
 		Add(routes.Authenticate(authenticator))
 
 	// Access Tokens
+	// This route is hit before the user is authenticated, so we don't use the
+	// Authenticate middleware
 	router.Methods("POST").Path("/access_tokens").HandlerFunc(
-		defaultChain.Resolve(accessTokenRouteSet.Create),
+		rootHandler.
+			Add(routes.DefaultErrorRenderer).
+			Add(routes.WithVersion).
+			Add(routes.AsJSON).
+			Add(routes.CheckAPIVersion(version.Version)).
+			Resolve(accessTokenRouteSet.Create),
 	)
 
 	// Images
-Original file line number
+Diff line change
@@ Expand Up / @@ -6,6 +6,12 @@ Unreleased @@
     Nothing
+.0.1
+    -----
+    - Fix bug where the `POST /access_tokens` route was behind authentication,
+      preventing users from authenticating for the first time.
 .0.0
     -----
@@ Expand Down @@