Merge branch 'api2' into v2-develop

2024-05-10 07:54:54 +00:00 · 2017-03-23 13:36:09 -04:00
parent f5f9491811 0899a1052e
commit 93a4327921
3 changed files with 22 additions and 21 deletions
--- a/docs/api/authentication.md
+++ b/docs/api/authentication.md
@ -24,7 +24,7 @@ $ curl -H "Accept: application/json; indent=4" http://localhost/api/dcim/sites/
 }
 ```

-However, if the `[LOGIN_REQUIRED](../configuration/optional-settings/#login_required)` configuration setting has been set to `True`, all requests must be authenticated.
+However, if the [`LOGIN_REQUIRED`](../configuration/optional-settings/#login_required) configuration setting has been set to `True`, all requests must be authenticated.

 ```
 $ curl -H "Accept: application/json; indent=4" http://localhost/api/dcim/sites/
--- a/docs/api/overview.md
+++ b/docs/api/overview.md
@ -120,7 +120,7 @@ Vary: Accept
 }
 ```

-The default page size derives from the `[PAGINATE_COUNT](../configuration/optional-settings/#paginate_count)` configuration setting, which defaults to 50. However, this can be overridden per request by specifying the desired `offset` and `limit` query parameters. For example, if you wish to retrieve a hundred devices at a time, you would make a request for:
+The default page size derives from the [`PAGINATE_COUNT`](../configuration/optional-settings/#paginate_count) configuration setting, which defaults to 50. However, this can be overridden per request by specifying the desired `offset` and `limit` query parameters. For example, if you wish to retrieve a hundred devices at a time, you would make a request for:

 ```
 http://localhost:8000/api/dcim/devices/?limit=100
--- a/netbox/secrets/api/views.py
+++ b/netbox/secrets/api/views.py
@ -64,8 +64,10 @@ class SecretViewSet(WritableSerializerMixin, ModelViewSet):

        super(SecretViewSet, self).initial(request, *args, **kwargs)

-        # Read session key from HTTP cookie or header if it has been provided. The session key must be provided in order
-        # to encrypt/decrypt secrets.
+        if request.user.is_authenticated():
+
+            # Read session key from HTTP cookie or header if it has been provided. The session key must be provided in
+            # order to encrypt/decrypt secrets.
            if 'session_key' in request.COOKIES:
                session_key = base64.b64decode(request.COOKIES['session_key'])
            elif 'HTTP_X_SESSION_KEY' in request.META:
@ -74,7 +76,6 @@ class SecretViewSet(WritableSerializerMixin, ModelViewSet):
                session_key = None

            # We can't encrypt secret plaintext without a session key.
-        # assert False, self.action
            if self.action in ['create', 'update'] and session_key is None:
                raise ValidationError("A session key must be provided when creating or updating secrets.")