il y a 1 an · b47c5ee1b8
--- a/netbox/netbox/graphql/views.py
+++ b/netbox/netbox/graphql/views.py
@@ -36,7 +36,9 @@ class NetBoxGraphQLView(GraphQLView):
 
															         # Enforce LOGIN_REQUIRED
														
 
															         if settings.LOGIN_REQUIRED and not request.user.is_authenticated:
														
 
															-            # return redirect_to_login(reverse('graphql'))
														
 
															-            return HttpResponseForbidden("No credentials provided.")
														
 
															+            if request.accepts("text/html"):
														
 
															+                return redirect_to_login(reverse('graphql'))
														
 
															+            else:
														
 
															+                return HttpResponseForbidden("No credentials provided.")
														
 
															         return super().dispatch(request, *args, **kwargs)
														
--- a/netbox/netbox/tests/test_graphql.py
+++ b/netbox/netbox/tests/test_graphql.py
@@ -33,5 +33,4 @@ class GraphQLTestCase(TestCase):
 
															         self.client.logout()
														
 
															         response = self.client.get(url, **header)
														
 
															         with disable_warnings('django.request'):
														
 
															-            # self.assertHttpStatus(response, 302)  # Redirect to login page
														
 
															-            self.assertHttpStatus(response, 403)  # Redirect to login page
														
 
															+            self.assertHttpStatus(response, 302)  # Redirect to login page
														
--- a/netbox/utilities/testing/api.py
+++ b/netbox/utilities/testing/api.py
@@ -499,7 +499,10 @@ class APIViewTestCases:
 
															             # Non-authenticated requests should fail
														
 
															             with disable_warnings('django.request'):
														
 
															-                self.assertHttpStatus(self.client.post(url, data={'query': query}, format="json"), status.HTTP_403_FORBIDDEN)
														
 
															+                header = {
														
 
															+                    'HTTP_ACCEPT': 'application/json',
														
 
															+                }
														
 
															+                self.assertHttpStatus(self.client.post(url, data={'query': query}, format="json", **header), status.HTTP_403_FORBIDDEN)
														
 
															             # Add object-level permission
														
 
															             obj_perm = ObjectPermission(
														
@@ -524,7 +527,10 @@ class APIViewTestCases:
 
															             # Non-authenticated requests should fail
														
 
															             with disable_warnings('django.request'):
														
 
															-                self.assertHttpStatus(self.client.post(url, data={'query': query}, format="json"), status.HTTP_403_FORBIDDEN)
														
 
															+                header = {
														
 
															+                    'HTTP_ACCEPT': 'application/json',
														
 
															+                }
														
 
															+                self.assertHttpStatus(self.client.post(url, data={'query': query}, format="json", **header), status.HTTP_403_FORBIDDEN)
														
 
															             # Add object-level permission
														
 
															             obj_perm = ObjectPermission(