From 99f0e7b939b4e67d605e5a3814e8c3d116095bdb Mon Sep 17 00:00:00 2001 From: Lars Weiler Date: Tue, 30 Apr 2019 16:09:10 +0200 Subject: [PATCH 1/4] Exclude /metrics from LOGIN_REQUIRED --- netbox/utilities/middleware.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/netbox/utilities/middleware.py b/netbox/utilities/middleware.py index 4e321ab19..6aaf665b4 100644 --- a/netbox/utilities/middleware.py +++ b/netbox/utilities/middleware.py @@ -19,9 +19,10 @@ class LoginRequiredMiddleware(object): def __call__(self, request): if LOGIN_REQUIRED and not request.user.is_authenticated: # Redirect unauthenticated requests to the login page. API requests are exempt from redirection as the API - # performs its own authentication. + # performs its own authentication. Also metrics can be read without login. api_path = reverse('api-root') - if not request.path_info.startswith(api_path) and request.path_info != settings.LOGIN_URL: + if (not (request.path_info.startswith(api_path) or request.path_info.startswith('/metrics')) + and request.path_info != settings.LOGIN_URL): return HttpResponseRedirect('{}?next={}'.format(settings.LOGIN_URL, request.path_info)) return self.get_response(request) From 4c5603e6ffc45b9b69c9b5900dafcd7dd18af664 Mon Sep 17 00:00:00 2001 From: Lars Weiler Date: Tue, 30 Apr 2019 16:47:38 +0200 Subject: [PATCH 2/4] Fix PEP 8 errors --- netbox/utilities/middleware.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/netbox/utilities/middleware.py b/netbox/utilities/middleware.py index 6aaf665b4..df5cced2f 100644 --- a/netbox/utilities/middleware.py +++ b/netbox/utilities/middleware.py @@ -21,8 +21,9 @@ class LoginRequiredMiddleware(object): # Redirect unauthenticated requests to the login page. API requests are exempt from redirection as the API # performs its own authentication. Also metrics can be read without login. api_path = reverse('api-root') - if (not (request.path_info.startswith(api_path) or request.path_info.startswith('/metrics')) - and request.path_info != settings.LOGIN_URL): + if (not (request.path_info.startswith(api_path) or + request.path_info.startswith('/metrics')) and + request.path_info != settings.LOGIN_URL): return HttpResponseRedirect('{}?next={}'.format(settings.LOGIN_URL, request.path_info)) return self.get_response(request) From 560c8d6f0112c3ebe6796c55e2e799f7cd69f922 Mon Sep 17 00:00:00 2001 From: Lars Weiler Date: Tue, 30 Apr 2019 16:54:23 +0200 Subject: [PATCH 3/4] More elegant path checking --- netbox/utilities/middleware.py | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/netbox/utilities/middleware.py b/netbox/utilities/middleware.py index df5cced2f..3a1689bb8 100644 --- a/netbox/utilities/middleware.py +++ b/netbox/utilities/middleware.py @@ -21,9 +21,7 @@ class LoginRequiredMiddleware(object): # Redirect unauthenticated requests to the login page. API requests are exempt from redirection as the API # performs its own authentication. Also metrics can be read without login. api_path = reverse('api-root') - if (not (request.path_info.startswith(api_path) or - request.path_info.startswith('/metrics')) and - request.path_info != settings.LOGIN_URL): + if not request.path_info.startswith(api_path, '/metrics') and request.path_info != settings.LOGIN_URL: return HttpResponseRedirect('{}?next={}'.format(settings.LOGIN_URL, request.path_info)) return self.get_response(request) From 2a2026a2cc674189ccef3c7a33b82a69887a0cde Mon Sep 17 00:00:00 2001 From: Lars Weiler Date: Tue, 30 Apr 2019 17:04:21 +0200 Subject: [PATCH 4/4] Forgot the additional brackets for a tuple --- netbox/utilities/middleware.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/netbox/utilities/middleware.py b/netbox/utilities/middleware.py index 3a1689bb8..e3d3d4b95 100644 --- a/netbox/utilities/middleware.py +++ b/netbox/utilities/middleware.py @@ -21,7 +21,7 @@ class LoginRequiredMiddleware(object): # Redirect unauthenticated requests to the login page. API requests are exempt from redirection as the API # performs its own authentication. Also metrics can be read without login. api_path = reverse('api-root') - if not request.path_info.startswith(api_path, '/metrics') and request.path_info != settings.LOGIN_URL: + if not request.path_info.startswith((api_path, '/metrics')) and request.path_info != settings.LOGIN_URL: return HttpResponseRedirect('{}?next={}'.format(settings.LOGIN_URL, request.path_info)) return self.get_response(request)