Merge pull request #311 from dhis2/fix/anonymous-download-published-apps

fix: handle anonymous requests to getAppFile

server/src/routes/v1/apps/handlers/getAppFile.js

@@ -26,7 +26,13 @@ module.exports = {
         const knex = h.context.db
 
         const isAdmin = currentUserIsManager(request)
-        const user = await getCurrentUserFromRequest(request)
+        let user = null
+        try {
+            user = await getCurrentUserFromRequest(request)
+        } catch (err) {
+            //no user in request, anonymous
+            debug('no user in request')
+        }
 
         debug('user:', user)
         debug('isAdmin:', isAdmin)

server/src/routes/v1/apps/handlers/getSingleApp.js

@@ -22,7 +22,6 @@ const {
 } = require('../../../../security')
 
 module.exports = {
-    //unauthenticated endpoint returning the approved app for the specified appId
     method: 'GET',
     path: '/v1/apps/{appId}',
     config: {
@@ -59,6 +58,7 @@ module.exports = {
                 appsUserCanEdit.map(app => app.app_id).indexOf(appId) !== -1
         } catch (err) {
             //no user on request
+            debug('No user in request')
         }
 
         if (canSeeAllApps(request) || isDeveloper) {