From b47c5ee1b84b3e2c7fc6f0551a69d36f1002a655 Mon Sep 17 00:00:00 2001
From: Arthur <worldnomad@gmail.com>
Date: Wed, 13 Mar 2024 13:13:20 -0700
Subject: [PATCH] 9856 fix tests

---
 netbox/netbox/graphql/views.py      |  6 ++++--
 netbox/netbox/tests/test_graphql.py |  3 +--
 netbox/utilities/testing/api.py     | 10 ++++++++--
 3 files changed, 13 insertions(+), 6 deletions(-)

diff --git a/netbox/netbox/graphql/views.py b/netbox/netbox/graphql/views.py
index 010cef1d3..85a01f025 100644
--- a/netbox/netbox/graphql/views.py
+++ b/netbox/netbox/graphql/views.py
@@ -36,7 +36,9 @@ class NetBoxGraphQLView(GraphQLView):
 
         # Enforce LOGIN_REQUIRED
         if settings.LOGIN_REQUIRED and not request.user.is_authenticated:
-            # return redirect_to_login(reverse('graphql'))
-            return HttpResponseForbidden("No credentials provided.")
+            if request.accepts("text/html"):
+                return redirect_to_login(reverse('graphql'))
+            else:
+                return HttpResponseForbidden("No credentials provided.")
 
         return super().dispatch(request, *args, **kwargs)
diff --git a/netbox/netbox/tests/test_graphql.py b/netbox/netbox/tests/test_graphql.py
index 5bf9c4abb..2cf9ee87b 100644
--- a/netbox/netbox/tests/test_graphql.py
+++ b/netbox/netbox/tests/test_graphql.py
@@ -33,5 +33,4 @@ class GraphQLTestCase(TestCase):
         self.client.logout()
         response = self.client.get(url, **header)
         with disable_warnings('django.request'):
-            # self.assertHttpStatus(response, 302)  # Redirect to login page
-            self.assertHttpStatus(response, 403)  # Redirect to login page
+            self.assertHttpStatus(response, 302)  # Redirect to login page
diff --git a/netbox/utilities/testing/api.py b/netbox/utilities/testing/api.py
index 50591a95f..11007f77f 100644
--- a/netbox/utilities/testing/api.py
+++ b/netbox/utilities/testing/api.py
@@ -499,7 +499,10 @@ class APIViewTestCases:
 
             # Non-authenticated requests should fail
             with disable_warnings('django.request'):
-                self.assertHttpStatus(self.client.post(url, data={'query': query}, format="json"), status.HTTP_403_FORBIDDEN)
+                header = {
+                    'HTTP_ACCEPT': 'application/json',
+                }
+                self.assertHttpStatus(self.client.post(url, data={'query': query}, format="json", **header), status.HTTP_403_FORBIDDEN)
 
             # Add object-level permission
             obj_perm = ObjectPermission(
@@ -524,7 +527,10 @@ class APIViewTestCases:
 
             # Non-authenticated requests should fail
             with disable_warnings('django.request'):
-                self.assertHttpStatus(self.client.post(url, data={'query': query}, format="json"), status.HTTP_403_FORBIDDEN)
+                header = {
+                    'HTTP_ACCEPT': 'application/json',
+                }
+                self.assertHttpStatus(self.client.post(url, data={'query': query}, format="json", **header), status.HTTP_403_FORBIDDEN)
 
             # Add object-level permission
             obj_perm = ObjectPermission(