NeoAnd/netbox
1
0
Fork 0
mirror of https://github.com/netbox-community/netbox.git synced 2025-08-28 02:06:10 -06:00
Code Issues Actions 6 Packages Projects Releases Wiki Activity

Fixes: #19669 & #18396 - Allow Token Authentication against Media view (#20046)
Some checks failed
CodeQL / Analyze (${{ matrix.language }}) (none, actions) (push) Waiting to run
Details
CodeQL / Analyze (${{ matrix.language }}) (none, javascript-typescript) (push) Waiting to run
Details
CodeQL / Analyze (${{ matrix.language }}) (none, python) (push) Waiting to run
Details
CI / build (20.x, 3.10) (push) Has been cancelled
Details
CI / build (20.x, 3.11) (push) Has been cancelled
Details
CI / build (20.x, 3.12) (push) Has been cancelled
Details

Browse Source
This commit is contained in:
Daniel Sheppard 2025-08-15 15:22:03 -05:00 committed by GitHub
parent 9f605a2db1
commit a9ada4457b
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 17 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
netbox/netbox/views/misc.py
View File

@ -20,7 +20,7 @@ from netbox.search.backends import search_backend
from netbox.tables import SearchTable
from utilities.htmx import htmx_partial
from utilities.paginator import EnhancedPaginator, get_paginate_count
from utilities.views import ConditionalLoginRequiredMixin
from utilities.views import ConditionalLoginRequiredMixin, TokenConditionalLoginRequiredMixin
__all__ = (
'HomeView',
@ -119,7 +119,7 @@ class SearchView(ConditionalLoginRequiredMixin, View):
})
class MediaView(ConditionalLoginRequiredMixin, View):
class MediaView(TokenConditionalLoginRequiredMixin, View):
"""
Wrap Django's serve() view to enforce LOGIN_REQUIRED for static media.
"""

15
netbox/utilities/views.py
View File

@ -7,6 +7,7 @@ from django.urls import reverse
from django.urls.exceptions import NoReverseMatch
from django.utils.translation import gettext_lazy as _
from netbox.api.authentication import TokenAuthentication
from netbox.plugins import PluginConfig
from netbox.registry import registry
from utilities.relations import get_related_models
@ -19,6 +20,7 @@ __all__ = (
'GetRelatedModelsMixin',
'GetReturnURLMixin',
'ObjectPermissionRequiredMixin',
'TokenConditionalLoginRequiredMixin',
'ViewTab',
'get_viewname',
'register_model_view',
@ -39,6 +41,19 @@ class ConditionalLoginRequiredMixin(AccessMixin):
return super().dispatch(request, *args, **kwargs)
class TokenConditionalLoginRequiredMixin(ConditionalLoginRequiredMixin):
def dispatch(self, request, *args, **kwargs):
# Attempt to authenticate the user using a DRF token, if provided
if settings.LOGIN_REQUIRED and not request.user.is_authenticated:
authenticator = TokenAuthentication()
auth_info = authenticator.authenticate(request)
if auth_info is not None:
request.user = auth_info[0] # User object
request.auth = auth_info[1]
return super().dispatch(request, *args, **kwargs)
class ContentTypePermissionRequiredMixin(ConditionalLoginRequiredMixin):
"""
Similar to Django's built-in PermissionRequiredMixin, but extended to check model-level permission assignments.