Fixes: #19669 & #18396 - Allow Token Authentication against Media view (#20046)

2026-01-21 02:58:43 -06:00 · 2025-08-15 15:22:03 -05:00
parent 9f605a2db1
commit a9ada4457b
2 changed files with 17 additions and 2 deletions
--- a/netbox/utilities/views.py
+++ b/netbox/utilities/views.py
@@ -7,6 +7,7 @@ from django.urls import reverse
 from django.urls.exceptions import NoReverseMatch
 from django.utils.translation import gettext_lazy as _

+from netbox.api.authentication import TokenAuthentication
 from netbox.plugins import PluginConfig
 from netbox.registry import registry
 from utilities.relations import get_related_models
@@ -19,6 +20,7 @@ __all__ = (
    'GetRelatedModelsMixin',
    'GetReturnURLMixin',
    'ObjectPermissionRequiredMixin',
+    'TokenConditionalLoginRequiredMixin',
    'ViewTab',
    'get_viewname',
    'register_model_view',
@@ -39,6 +41,19 @@ class ConditionalLoginRequiredMixin(AccessMixin):
        return super().dispatch(request, *args, **kwargs)


+class TokenConditionalLoginRequiredMixin(ConditionalLoginRequiredMixin):
+    def dispatch(self, request, *args, **kwargs):
+        # Attempt to authenticate the user using a DRF token, if provided
+        if settings.LOGIN_REQUIRED and not request.user.is_authenticated:
+            authenticator = TokenAuthentication()
+            auth_info = authenticator.authenticate(request)
+            if auth_info is not None:
+                request.user = auth_info[0]  # User object
+                request.auth = auth_info[1]
+
+        return super().dispatch(request, *args, **kwargs)
+
+
 class ContentTypePermissionRequiredMixin(ConditionalLoginRequiredMixin):
    """
    Similar to Django's built-in PermissionRequiredMixin, but extended to check model-level permission assignments.