From 2d51460516fecbf3e571f4acade27bafbe6f94f0 Mon Sep 17 00:00:00 2001
From: Arie Peterson <arie@greenhost.nl>
Date: Fri, 26 Jan 2024 14:33:02 +0100
Subject: [PATCH] Remove default kratos webhook secret

---
 backend/helpers/auth_guard.py | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/backend/helpers/auth_guard.py b/backend/helpers/auth_guard.py
index 6d0f480b..b9dd9723 100644
--- a/backend/helpers/auth_guard.py
+++ b/backend/helpers/auth_guard.py
@@ -30,10 +30,7 @@ def kratos_webhook():
         @wraps(fn)
         def decorator(*args, **kwargs):
             header = request.headers.get("Authorization")
-            # TO DO: uncomment line below once merged to main
-            # if header is not None and header == os.environ.get("KRATOS_WEBHOOK_SECRET"):
-            # TO DO: remove line below once merged to main
-            if header is not None and header == os.environ.get("KRATOS_WEBHOOK_SECRET", "test-kratos-hooks-remove-before-merge"):
+            if header is not None and header == os.environ.get("KRATOS_WEBHOOK_SECRET"):
                 return fn(*args, **kwargs)
             else:
                 raise Unauthorized("This needs a valid api key.")
-- 
GitLab