Fixes #6467: Fix access to metrics on custom BASE_PATH when login is required

2024-05-10 07:54:54 +00:00 · 2021-05-21 15:56:22 -04:00
parent 239fddcac2
commit a6eeed4061
2 changed files with 14 additions and 10 deletions
--- a/docs/release-notes/version-2.11.md
+++ b/docs/release-notes/version-2.11.md
@ -15,6 +15,7 @@
 * [#6426](https://github.com/netbox-community/netbox/issues/6426) - Allow assigning virtual chassis member interfaces to LAG on VC master
 * [#6438](https://github.com/netbox-community/netbox/issues/6438) - Fix missing descriptions and label for device type imports and exports
 * [#6465](https://github.com/netbox-community/netbox/issues/6465) - Fix typo in installed plugins REST API endpoint
+* [#6467](https://github.com/netbox-community/netbox/issues/6467) - Fix access to metrics on custom `BASE_PATH` when login is required
 * [#6468](https://github.com/netbox-community/netbox/issues/6468) - Disable ordering VLAN groups list by scope object

 ---
--- a/netbox/netbox/middleware.py
+++ b/netbox/netbox/middleware.py
@ -20,17 +20,20 @@ class LoginRequiredMiddleware(object):
        self.get_response = get_response

    def __call__(self, request):
+        # Redirect unauthenticated requests (except those exempted) to the login page if LOGIN_REQUIRED is true
        if settings.LOGIN_REQUIRED and not request.user.is_authenticated:
-            # Redirect unauthenticated requests to the login page. API requests are exempt from redirection as the API
-            # performs its own authentication. Also metrics can be read without login.
-            api_path = reverse('api-root')
-            if not request.path_info.startswith((api_path, '/metrics')) and request.path_info != settings.LOGIN_URL:
-                return HttpResponseRedirect(
-                    '{}?next={}'.format(
-                        settings.LOGIN_URL,
-                        parse.quote(request.get_full_path_info())
-                    )
-                )
+            # Determine exempt paths
+            exempt_paths = [
+                reverse('api-root')
+            ]
+            if settings.METRICS_ENABLED:
+                exempt_paths.append(reverse('prometheus-django-metrics'))
+
+            # Redirect unauthenticated requests
+            if not request.path_info.startswith(tuple(exempt_paths)) and request.path_info != settings.LOGIN_URL:
+                login_url = f'{settings.LOGIN_URL}?next={parse.quote(request.get_full_path_info())}'
+                return HttpResponseRedirect(login_url)
+
        return self.get_response(request)