[PATCH v3 4/5] views: Allow use of basic auth for bundle mboxes
Stephen Finucane
stephen at that.guru
Fri Mar 17 09:07:27 AEDT 2017
API clients are going to talk using basic auth. We also need to do this
for bundles. The alternative is to provide another endpoint for bundles
in the API but that seems unnecessary.
Signed-off-by: Stephen Finucane <stephen at that.guru>
---
patchwork/views/bundle.py | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/patchwork/views/bundle.py b/patchwork/views/bundle.py
index e717429..9f5f2b9 100644
--- a/patchwork/views/bundle.py
+++ b/patchwork/views/bundle.py
@@ -19,6 +19,7 @@
from __future__ import absolute_import
+from django.conf import settings
from django.contrib.auth.decorators import login_required
import django.core.urlresolvers
from django.http import (HttpResponse, HttpResponseRedirect,
@@ -30,6 +31,12 @@ from patchwork.forms import BundleForm, DeleteBundleForm
from patchwork.models import Patch, Bundle, BundlePatch, Project
from patchwork.views import generic_list, patch_to_mbox, get_patch_ids
+if settings.ENABLE_REST_API:
+ from rest_framework.authentication import BasicAuthentication # noqa
+ basic_auth = BasicAuthentication()
+else:
+ basic_auth = None
+
@login_required
def setbundle(request):
@@ -193,7 +200,8 @@ def mbox(request, username, bundlename):
bundle = get_object_or_404(Bundle, owner__username=username,
name=bundlename)
- if not (request.user == bundle.owner or bundle.public):
+ if not (request.user == bundle.owner or bundle.public or
+ (basic_auth and BasicAuthentication().authenticate(request))):
return HttpResponseNotFound()
mbox = '\n'.join([patch_to_mbox(p).as_string(True)
--
2.9.3
More information about the Patchwork
mailing list