From 36ac83a319f1dbd1df3752c9ab8f129eefb23f9b Mon Sep 17 00:00:00 2001 From: jeremystretch Date: Mon, 8 Aug 2022 11:43:27 -0400 Subject: [PATCH] Fixes #9949: Fix KeyError exception resulting from invalid API token provisioning request --- docs/release-notes/version-3.2.md | 1 + netbox/users/api/views.py | 10 +++++----- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/docs/release-notes/version-3.2.md b/docs/release-notes/version-3.2.md index d13e8db75..0ee235a82 100644 --- a/docs/release-notes/version-3.2.md +++ b/docs/release-notes/version-3.2.md @@ -21,6 +21,7 @@ * [#9885](https://github.com/netbox-community/netbox/issues/9885) - Fix child prefix counts when editing/deleting aggregates in bulk * [#9891](https://github.com/netbox-community/netbox/issues/9891) - Ensure consistent ordering for tags during object serialization * [#9919](https://github.com/netbox-community/netbox/issues/9919) - Fix potential XSS avenue via linked objects in tables +* [#9949](https://github.com/netbox-community/netbox/issues/9949) - Fix KeyError exception resulting from invalid API token provisioning request --- diff --git a/netbox/users/api/views.py b/netbox/users/api/views.py index c3495afdf..e5c2bc8ab 100644 --- a/netbox/users/api/views.py +++ b/netbox/users/api/views.py @@ -74,11 +74,11 @@ class TokenProvisionView(APIView): serializer.is_valid() # Authenticate the user account based on the provided credentials - user = authenticate( - request=request, - username=serializer.data['username'], - password=serializer.data['password'] - ) + username = serializer.data.get('username') + password = serializer.data.get('password') + if not username or not password: + raise AuthenticationFailed("Username and password must be provided to provision a token.") + user = authenticate(request=request, username=username, password=password) if user is None: raise AuthenticationFailed("Invalid username/password")