Content-Length: 381029 | pFad | http://github.com/nautobot/nautobot/pull/6672/files/b3ccefd7490cc7aa6fe874d9a3bfbfa20346308d

BD Requesting media files requires authentication by timizuoebideri1 · Pull Request #6672 · nautobot/nautobot · GitHub
Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Requesting media files requires authentication #6672

Open
wants to merge 9 commits into
base: develop
Choose a base branch
from
Open

Requesting media files requires authentication #6672

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
9 commits
Select commit Hold shift + click to select a range
b3ccefd
Requesting static media requires authentication
Dec 17, 2024
b663135
Resolve PR feedback
Dec 19, 2024
d63b54e
Merge branch 'develop' into u/timizuoebideri1-media_auth-required
timizuoebideri1 Dec 19, 2024
836416a
Simpler approach, enhance testing a bit
glennmatthews Dec 30, 2024
5d4e99e
Change fragment
glennmatthews Dec 30, 2024
2079545
Merge branch 'develop' into u/timizuoebideri1-media_auth-required
glennmatthews Dec 30, 2024
b0531d1
Ruff
glennmatthews Dec 30, 2024
01d89ca
Merge branch 'develop' into u/timizuoebideri1-media_auth-required
timizuoebideri1 Dec 30, 2024
532d1aa
Merge branch 'develop' into u/timizuoebideri1-media_auth-required
glennmatthews Dec 31, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
25 changes: 25 additions & 0 deletions nautobot/core/tests/test_views.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,6 @@
import os
import re
import tempfile
from unittest import mock, skipIf
import urllib.parse

Expand Down Expand Up @@ -181,6 +183,29 @@ def test_banners_no_xss(self):
self.assertNotIn("Welcome to Nautobot!", response.content.decode(response.charset))


class MediaViewTestCase(TestCase):
def test_media_unauthenticated(self):
url = reverse("media", kwargs={"path": "foo.txt"})
self.client.logout()
response = self.client.get(url)

# Unauthenticated request should redirect to login page
self.assertRedirects(
response, expected_url=reverse("login") + "?next=/media/foo.txt", status_code=302, target_status_code=200
)

def test_media_authenticated(self):
with tempfile.TemporaryDirectory() as temp_dir:
with override_settings(MEDIA_ROOT=temp_dir):
file_path = os.path.join(temp_dir, "foo.txt")
with open(file_path, "w") as f:
f.write("Hello, world!")

url = reverse("media", kwargs={"path": "foo.txt"})
response = self.client.get(url)
self.assertHttpStatus(response, 200)


@override_settings(BRANDING_TITLE="Nautobot")
class SearchFieldsTestCase(TestCase):
def test_search_bar_redirect_to_login(self):
Expand Down
4 changes: 2 additions & 2 deletions nautobot/core/urls.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,12 +1,12 @@
from django.conf import settings
from django.urls import include, path
from django.views.generic import TemplateView
from django.views.static import serve

from nautobot.core.views import (
CustomGraphQLView,
get_file_with_authorization,
HomeView,
MediaView,
NautobotMetricsView,
NautobotMetricsViewAuth,
SearchView,
Expand Down Expand Up @@ -46,7 +46,7 @@
# GraphQL
path("graphql/", CustomGraphQLView.as_view(graphiql=True), name="graphql"),
# Serving static media in Django (TODO: should be DEBUG mode only - "This view is NOT hardened for production use")
path("media/<path:path>", serve, {"document_root": settings.MEDIA_ROOT}),
path("media/<path:path>", MediaView.as_view(), name="media"),
# Admin
path("admin/", admin_site.urls),
# Errors
Expand Down
11 changes: 11 additions & 0 deletions nautobot/core/views/__init__.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,7 @@
from django.views.decorators.csrf import requires_csrf_token
from django.views.defaults import ERROR_500_TEMPLATE_NAME, page_not_found
from django.views.generic import TemplateView, View
from django.views.static import serve
from graphene_django.views import GraphQLView
from packaging import version
from prometheus_client import (
Expand All @@ -47,6 +48,7 @@
from nautobot.core.releases import get_latest_release
from nautobot.core.utils.lookup import get_route_for_model
from nautobot.core.utils.permissions import get_permission_for_model
from nautobot.core.views.generic import GenericView
from nautobot.extras.forms import GraphQLQueryForm
from nautobot.extras.models import FileProxy, GraphQLQuery, Status
from nautobot.extras.registry import registry
Expand Down Expand Up @@ -132,6 +134,15 @@ def get(self, request, *args, **kwargs):
return self.render_to_response(context)


class MediaView(GenericView):
"""
Wrap Django's serve() view to enforce LOGIN_REQUIRED for static media.
timizuoebideri1 marked this conversation as resolved.
Show resolved Hide resolved
"""

def get(self, request, path):
return serve(request, path, document_root=settings.MEDIA_ROOT)


class WorkerStatusView(UserPassesTestMixin, TemplateView):
template_name = "utilities/worker_status.html"

Expand Down








ApplySandwichStrip

pFad - (p)hone/(F)rame/(a)nonymizer/(d)eclutterfier!      Saves Data!


--- a PPN by Garber Painting Akron. With Image Size Reduction included!

Fetched URL: http://github.com/nautobot/nautobot/pull/6672/files/b3ccefd7490cc7aa6fe874d9a3bfbfa20346308d

Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy