[PATCH v3 4/5] views: Allow use of basic auth for bundle mboxes

Stephen Finucane stephen at that.guru
Mon Mar 20 20:50:57 AEDT 2017


On Fri, 2017-03-17 at 10:12 -0500, Andy Doan wrote:
> On 03/16/2017 05:07 PM, Stephen Finucane wrote:
> > API clients are going to talk using basic auth. We also need to do
> > this
> > for bundles. The alternative is to provide another endpoint for
> > bundles
> > in the API but that seems unnecessary.
> > 
> > Signed-off-by: Stephen Finucane <stephen at that.guru>
> > ---
> >  patchwork/views/bundle.py | 10 +++++++++-
> >  1 file changed, 9 insertions(+), 1 deletion(-)
> > 
> > diff --git a/patchwork/views/bundle.py b/patchwork/views/bundle.py
> > index e717429..9f5f2b9 100644
> > --- a/patchwork/views/bundle.py
> > +++ b/patchwork/views/bundle.py
> > @@ -19,6 +19,7 @@
> > 
> >  from __future__ import absolute_import
> > 
> > +from django.conf import settings
> >  from django.contrib.auth.decorators import login_required
> >  import django.core.urlresolvers
> >  from django.http import (HttpResponse, HttpResponseRedirect,
> > @@ -30,6 +31,12 @@ from patchwork.forms import BundleForm,
> > DeleteBundleForm
> >  from patchwork.models import Patch, Bundle, BundlePatch, Project
> >  from patchwork.views import generic_list, patch_to_mbox,
> > get_patch_ids
> > 
> > +if settings.ENABLE_REST_API:
> > +    from rest_framework.authentication import
> > BasicAuthentication  # noqa
> > +    basic_auth = BasicAuthentication()
> > +else:
> > +    basic_auth = None
> > +
> > 
> >  @login_required
> >  def setbundle(request):
> > @@ -193,7 +200,8 @@ def mbox(request, username, bundlename):
> >      bundle = get_object_or_404(Bundle, owner__username=username,
> >                                 name=bundlename)
> > 
> > -    if not (request.user == bundle.owner or bundle.public):
> > +    if not (request.user == bundle.owner or bundle.public or
> > +            (basic_auth and
> > BasicAuthentication().authenticate(request))):
> 
> This feels a little wierd since basic_auth is already instantiated 
> above. Wouldn't it be more clean as:

It would and that was my intention. I'll fix when I merge.

Happy with this otherwise?

Stephen

>      if not (request.user == bundle.owner or bundle.public or
>              (basic_auth and basic_auth.authenticate(request))):
> 
> >          return HttpResponseNotFound()
> > 
> >      mbox = '\n'.join([patch_to_mbox(p).as_string(True)
> > 
> 
> 



More information about the Patchwork mailing list