[PATCH v3 4/5] views: Allow use of basic auth for bundle mboxes
Andy Doan
andy.doan at linaro.org
Sat Mar 18 02:12:14 AEDT 2017
On 03/16/2017 05:07 PM, Stephen Finucane wrote:
> API clients are going to talk using basic auth. We also need to do this
> for bundles. The alternative is to provide another endpoint for bundles
> in the API but that seems unnecessary.
>
> Signed-off-by: Stephen Finucane <stephen at that.guru>
> ---
> patchwork/views/bundle.py | 10 +++++++++-
> 1 file changed, 9 insertions(+), 1 deletion(-)
>
> diff --git a/patchwork/views/bundle.py b/patchwork/views/bundle.py
> index e717429..9f5f2b9 100644
> --- a/patchwork/views/bundle.py
> +++ b/patchwork/views/bundle.py
> @@ -19,6 +19,7 @@
>
> from __future__ import absolute_import
>
> +from django.conf import settings
> from django.contrib.auth.decorators import login_required
> import django.core.urlresolvers
> from django.http import (HttpResponse, HttpResponseRedirect,
> @@ -30,6 +31,12 @@ from patchwork.forms import BundleForm, DeleteBundleForm
> from patchwork.models import Patch, Bundle, BundlePatch, Project
> from patchwork.views import generic_list, patch_to_mbox, get_patch_ids
>
> +if settings.ENABLE_REST_API:
> + from rest_framework.authentication import BasicAuthentication # noqa
> + basic_auth = BasicAuthentication()
> +else:
> + basic_auth = None
> +
>
> @login_required
> def setbundle(request):
> @@ -193,7 +200,8 @@ def mbox(request, username, bundlename):
> bundle = get_object_or_404(Bundle, owner__username=username,
> name=bundlename)
>
> - if not (request.user == bundle.owner or bundle.public):
> + if not (request.user == bundle.owner or bundle.public or
> + (basic_auth and BasicAuthentication().authenticate(request))):
This feels a little wierd since basic_auth is already instantiated
above. Wouldn't it be more clean as:
if not (request.user == bundle.owner or bundle.public or
(basic_auth and basic_auth.authenticate(request))):
> return HttpResponseNotFound()
>
> mbox = '\n'.join([patch_to_mbox(p).as_string(True)
>
More information about the Patchwork
mailing list