From 0b4f508a84389fd2b3a9c2a5cfc2128468f2c600 Mon Sep 17 00:00:00 2001 From: Stephen Finucane Date: Sun, 26 Feb 2017 23:57:22 +0000 Subject: views: Allow use of basic auth for bundle mboxes API clients are going to talk using basic auth. We also need to do this for bundles. The alternative is to provide another endpoint for bundles in the API but that seems unnecessary. Signed-off-by: Stephen Finucane Reviewed-by: Andy Doan --- patchwork/views/bundle.py | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/patchwork/views/bundle.py b/patchwork/views/bundle.py index e717429..95c44ae 100644 --- a/patchwork/views/bundle.py +++ b/patchwork/views/bundle.py @@ -19,6 +19,7 @@ from __future__ import absolute_import +from django.conf import settings from django.contrib.auth.decorators import login_required import django.core.urlresolvers from django.http import (HttpResponse, HttpResponseRedirect, @@ -30,6 +31,12 @@ from patchwork.forms import BundleForm, DeleteBundleForm from patchwork.models import Patch, Bundle, BundlePatch, Project from patchwork.views import generic_list, patch_to_mbox, get_patch_ids +if settings.ENABLE_REST_API: + from rest_framework.authentication import BasicAuthentication # noqa + basic_auth = BasicAuthentication() +else: + basic_auth = None + @login_required def setbundle(request): @@ -193,7 +200,8 @@ def mbox(request, username, bundlename): bundle = get_object_or_404(Bundle, owner__username=username, name=bundlename) - if not (request.user == bundle.owner or bundle.public): + if not (request.user == bundle.owner or bundle.public or + (basic_auth and basic_auth.authenticate(request))): return HttpResponseNotFound() mbox = '\n'.join([patch_to_mbox(p).as_string(True) -- cgit v1.2.3