
Fixes: #19669 & #18396 - Allow Token Authentication against Media view (#20046)

Daniel Sheppard hace 6 meses
padre
commit
a9ada4457b
Se han modificado 2 ficheros con 17 adiciones y 2 borrados
  1. 2 2
      netbox/netbox/views/misc.py
  2. 15 0
      netbox/utilities/views.py

+ 2 - 2
netbox/netbox/views/misc.py

@@ -20,7 +20,7 @@ from netbox.search.backends import search_backend
 from netbox.tables import SearchTable
 from utilities.htmx import htmx_partial
 from utilities.paginator import EnhancedPaginator, get_paginate_count
-from utilities.views import ConditionalLoginRequiredMixin
+from utilities.views import ConditionalLoginRequiredMixin, TokenConditionalLoginRequiredMixin
 
 __all__ = (
     'HomeView',
@@ -119,7 +119,7 @@ class SearchView(ConditionalLoginRequiredMixin, View):
         })
 
 
-class MediaView(ConditionalLoginRequiredMixin, View):
+class MediaView(TokenConditionalLoginRequiredMixin, View):
     """
     Wrap Django's serve() view to enforce LOGIN_REQUIRED for static media.
     """
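Review bot: The `MediaView` docstring still describes only LOGIN_REQUIRED enforcement, but with `TokenConditionalLoginRequiredMixin` as the base the view now also accepts an API token in place of a session. Suggest rewording it to `Wrap Django's serve() view to enforce LOGIN_REQUIRED for static media, accepting either a session login or a valid API token.` so readers of this file know media is reachable with token credentials. The class body continues outside the hunk, so the serve() call itself is not covered by this note.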

+ 15 - 0
netbox/utilities/views.py

@@ -7,6 +7,7 @@ from django.urls import reverse
 from django.urls.exceptions import NoReverseMatch
 from django.utils.translation import gettext_lazy as _
 
+from netbox.api.authentication import TokenAuthentication
 from netbox.plugins import PluginConfig
 from netbox.registry import registry
 from utilities.relations import get_related_models
@@ -19,6 +20,7 @@ __all__ = (
     'GetRelatedModelsMixin',
     'GetReturnURLMixin',
     'ObjectPermissionRequiredMixin',
+    'TokenConditionalLoginRequiredMixin',
     'ViewTab',
     'get_viewname',
     'register_model_view',
@@ -39,6 +41,19 @@ class ConditionalLoginRequiredMixin(AccessMixin):
         return super().dispatch(request, *args, **kwargs)
 
 
+class TokenConditionalLoginRequiredMixin(ConditionalLoginRequiredMixin):
+    def dispatch(self, request, *args, **kwargs):
+        # Attempt to authenticate the user using a DRF token, if provided
+        if settings.LOGIN_REQUIRED and not request.user.is_authenticated:
+            authenticator = TokenAuthentication()
+            auth_info = authenticator.authenticate(request)
+            if auth_info is not None:
+                request.user = auth_info[0]  # User object
+                request.auth = auth_info[1]
+
+        return super().dispatch(request, *args, **kwargs)
+
+
 class ContentTypePermissionRequiredMixin(ConditionalLoginRequiredMixin):
     """
     Similar to Django's built-in PermissionRequiredMixin, but extended to check model-level permission assignments.
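Review bot: `authenticator.authenticate(request)` in the new `dispatch` runs with no exception handling, and DRF-style token authenticators normally report a malformed or invalid token by raising `AuthenticationFailed` rather than returning `None`. Because this mixin sits on a plain Django view, nothing visible here turns that exception into a response, so a bad `Authorization` header would probably surface as an unhandled server error instead of a clean 403. Wrap the call as `try: auth_info = authenticator.authenticate(request)` followed by `except AuthenticationFailed as exc: return HttpResponseForbidden(exc.detail)`; both names would need importing, since neither appears in the visible import hunk. The class also lacks a docstring: one line should say that token authentication is attempted only when `LOGIN_REQUIRED` is set and the request has no authenticated session, and that the token is subject only to the checks `TokenAuthentication` itself performs.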