[PATCH v3 4/5] views: Allow use of basic auth for bundle mboxes

Stephen Finucane stephen at that.guru
Fri Mar 17 09:07:27 AEDT 2017


API clients are going to talk using basic auth. We also need to do this
for bundles. The alternative is to provide another endpoint for bundles
in the API but that seems unnecessary.

Signed-off-by: Stephen Finucane <stephen at that.guru>
---
 patchwork/views/bundle.py | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/patchwork/views/bundle.py b/patchwork/views/bundle.py
index e717429..9f5f2b9 100644
--- a/patchwork/views/bundle.py
+++ b/patchwork/views/bundle.py
@@ -19,6 +19,7 @@
 
 from __future__ import absolute_import
 
+from django.conf import settings
 from django.contrib.auth.decorators import login_required
 import django.core.urlresolvers
 from django.http import (HttpResponse, HttpResponseRedirect,
@@ -30,6 +31,12 @@ from patchwork.forms import BundleForm, DeleteBundleForm
 from patchwork.models import Patch, Bundle, BundlePatch, Project
 from patchwork.views import generic_list, patch_to_mbox, get_patch_ids
 
+if settings.ENABLE_REST_API:
+    from rest_framework.authentication import BasicAuthentication  # noqa
+    basic_auth = BasicAuthentication()
+else:
+    basic_auth = None
+
 
 @login_required
 def setbundle(request):
@@ -193,7 +200,8 @@ def mbox(request, username, bundlename):
     bundle = get_object_or_404(Bundle, owner__username=username,
                                name=bundlename)
 
-    if not (request.user == bundle.owner or bundle.public):
+    if not (request.user == bundle.owner or bundle.public or
+            (basic_auth and BasicAuthentication().authenticate(request))):
         return HttpResponseNotFound()
 
     mbox = '\n'.join([patch_to_mbox(p).as_string(True)
-- 
2.9.3



More information about the Patchwork mailing list