From 9e863bf3eb28fc7c075e6d174ea64119f90252e0 Mon Sep 17 00:00:00 2001
From: Lars Weiler
Date: Tue, 30 Apr 2019 16:09:10 +0200
Subject: [PATCH 1/4] Exclude /metrics from LOGIN_REQUIRED
---
 netbox/utilities/middleware.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/netbox/utilities/middleware.py b/netbox/utilities/middleware.py
index 4e321ab19..6aaf665b4 100644
--- a/netbox/utilities/middleware.py
+++ b/netbox/utilities/middleware.py
@@ -19,9 +19,10 @@ class LoginRequiredMiddleware(object):
 def __call__(self, request):
 if LOGIN_REQUIRED and not request.user.is_authenticated:
 # Redirect unauthenticated requests to the login page. API requests are exempt from redirection as the API
- # performs its own authentication.
+ # performs its own authentication. Also metrics can be read without login.
 api_path = reverse('api-root')
- if not request.path_info.startswith(api_path) and request.path_info != settings.LOGIN_URL:
+ if (not (request.path_info.startswith(api_path) or request.path_info.startswith('/metrics'))
+ and request.path_info != settings.LOGIN_URL):
 return HttpResponseRedirect('{}?next={}'.format(settings.LOGIN_URL, request.path_info))
 return self.get_response(request)
From f09a817411a7800f1ba26d9b1e7998ba5c47d43d Mon Sep 17 00:00:00 2001
From: Lars Weiler
Date: Tue, 30 Apr 2019 16:47:38 +0200
Subject: [PATCH 2/4] Fix PEP 8 errors
---
 netbox/utilities/middleware.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/netbox/utilities/middleware.py b/netbox/utilities/middleware.py
index 6aaf665b4..df5cced2f 100644
--- a/netbox/utilities/middleware.py
+++ b/netbox/utilities/middleware.py
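Review bot: In PATCH 1/4, `request.path_info.startswith('/metrics')` is a prefix test, so any path that merely begins with `/metrics`, not only the metrics endpoint itself, skips the login redirect while LOGIN_REQUIRED is set; the same prefix test is carried through PATCH 2/4 to 4/4. An exact comparison is tighter, e.g. `request.path_info.startswith(api_path) or request.path_info == '/metrics'` (adjust if the route is registered with a trailing slash). The literal is also hard-coded while `api_path` comes from `reverse()`, so the two may disagree when the site is served under a URL prefix; that is not visible from this hunk. The API exemption is justified by the API doing its own authentication, but nothing in this hunk shows the metrics view authenticating requests, so the comment should say so, e.g. `# /metrics is served without authentication; restrict access at the reverse proxy or network layer.` The enclosing class starts above the hunk.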
@@ -21,8 +21,9 @@ class LoginRequiredMiddleware(object):
 # Redirect unauthenticated requests to the login page. API requests are exempt from redirection as the API
 # performs its own authentication. Also metrics can be read without login.
 api_path = reverse('api-root')
- if (not (request.path_info.startswith(api_path) or request.path_info.startswith('/metrics'))
- and request.path_info != settings.LOGIN_URL):
+ if (not (request.path_info.startswith(api_path) or
+ request.path_info.startswith('/metrics')) and
+ request.path_info != settings.LOGIN_URL):
 return HttpResponseRedirect('{}?next={}'.format(settings.LOGIN_URL, request.path_info))
 return self.get_response(request)
From f5ccb875628a31578a8203c3bac674713b0ce7d9 Mon Sep 17 00:00:00 2001
From: Lars Weiler
Date: Tue, 30 Apr 2019 16:54:23 +0200
Subject: [PATCH 3/4] More elegant path checking
---
 netbox/utilities/middleware.py | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/netbox/utilities/middleware.py b/netbox/utilities/middleware.py
index df5cced2f..3a1689bb8 100644
--- a/netbox/utilities/middleware.py
+++ b/netbox/utilities/middleware.py
@@ -21,9 +21,7 @@ class LoginRequiredMiddleware(object):
 # Redirect unauthenticated requests to the login page. API requests are exempt from redirection as the API
 # performs its own authentication. Also metrics can be read without login.
 api_path = reverse('api-root')
- if (not (request.path_info.startswith(api_path) or
- request.path_info.startswith('/metrics')) and
- request.path_info != settings.LOGIN_URL):
+ if not request.path_info.startswith(api_path, '/metrics') and request.path_info != settings.LOGIN_URL:
 return HttpResponseRedirect('{}?next={}'.format(settings.LOGIN_URL, request.path_info))
 return self.get_response(request)
From 034cf02e7cb74225263c77a19fcc20b1fe69d35c Mon Sep 17 00:00:00 2001
From: Lars Weiler
Date: Tue, 30 Apr 2019 17:04:21 +0200
Subject: [PATCH 4/4] Forgot the additional brackets for a tuple
---
 netbox/utilities/middleware.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/netbox/utilities/middleware.py b/netbox/utilities/middleware.py
index 3a1689bb8..e3d3d4b95 100644
--- a/netbox/utilities/middleware.py
+++ b/netbox/utilities/middleware.py
@@ -21,7 +21,7 @@ class LoginRequiredMiddleware(object):
 # Redirect unauthenticated requests to the login page. API requests are exempt from redirection as the API
 # performs its own authentication. Also metrics can be read without login.
 api_path = reverse('api-root')
- if not request.path_info.startswith(api_path, '/metrics') and request.path_info != settings.LOGIN_URL:
+ if not request.path_info.startswith((api_path, '/metrics')) and request.path_info != settings.LOGIN_URL:
 return HttpResponseRedirect('{}?next={}'.format(settings.LOGIN_URL, request.path_info))
 return self.get_response(request)
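Review bot: No test in the series sends an unauthenticated request through this branch, which is how PATCH 3/4's `startswith(api_path, '/metrics')` got committed: `str.startswith` takes its second positional argument as the `start` index, so that call raises TypeError for every unauthenticated request while LOGIN_REQUIRED is set. The tuple form in PATCH 4/4 is correct, but 3/4 and 4/4 should be squashed so that no commit in history has the login middleware failing. A test should assert that an anonymous request to `/metrics` passes through and that a request to any other non-API path is redirected to `settings.LOGIN_URL`. This hunk shows only part of `__call__`; its `def` line is above the first context line.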