paradizelost/paperless-ngx
1
0
Fork 0
mirror of https://github.com/paperless-ngx/paperless-ngx.git synced 2025-04-02 13:45:10 -05:00
Code Issues Packages Projects Releases Wiki Activity

Fix: Disable auto-login for API token requests (#5094)

Browse Source
This commit is contained in:
shamoon 2023-12-26 14:22:41 -08:00 committed by GitHub
parent 151d337f6c
commit 5576a073a5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/paperless/auth.py
View File

@ -2,12 +2,16 @@ from django.conf import settings
from django.contrib import auth
from django.contrib.auth.middleware import PersistentRemoteUserMiddleware
from django.contrib.auth.models import User
from django.http import HttpRequest
from django.utils.deprecation import MiddlewareMixin
from rest_framework import authentication
class AutoLoginMiddleware(MiddlewareMixin):
def process_request(self, request):
def process_request(self, request: HttpRequest):
# Dont use auto-login with token request
if request.path.startswith("/api/token/") and request.method == "POST":
return None
try:
request.user = User.objects.get(username=settings.AUTO_LOGIN_USERNAME)
auth.login(

2
src/paperless/settings.py
View File

@ -297,8 +297,8 @@ if DEBUG:
REST_FRAMEWORK = {
"DEFAULT_AUTHENTICATION_CLASSES": [
"rest_framework.authentication.BasicAuthentication",
"rest_framework.authentication.SessionAuthentication",
"rest_framework.authentication.TokenAuthentication",
"rest_framework.authentication.SessionAuthentication",
],
"DEFAULT_VERSIONING_CLASS": "rest_framework.versioning.AcceptHeaderVersioning",
"DEFAULT_VERSION": "1",