Closes #16107: Set LOGIN_REQUIRED to True by default #16122

Merged
merged 2 commits into from
May 14, 2024
7 changes: 5 additions & 2 deletions docs/configuration/security.md
Expand Up @@ -159,9 +159,12 @@ Note that enabling this setting causes NetBox to update a user's session in the

## LOGIN_REQUIRED

Default: False
Default: True

When enabled, only authenticated users are permitted to access any part of NetBox. Disabling this will allow unauthenticated users to access most areas of NetBox (but not make any changes).

Setting this to True will permit only authenticated users to access any part of NetBox. By default, anonymous users are permitted to access most data in NetBox but not make any changes.
!!! info "Changed in NetBox v4.0.2"
Prior to NetBox v4.0.2, this setting was disabled by default.

---

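--- a/netbox/netbox/configuration_example.py
+++ b/netbox/netbox/configuration_example.py
@@ -157,9 +157,8 @@
 # authenticated to NetBox indefinitely.
 LOGIN_PERSISTENCE = False
 
-# Setting this to True will permit only authenticated users to access any part of NetBox. By default, anonymous users
-# are permitted to access most data in NetBox but not make any changes.
-LOGIN_REQUIRED = False
+# Setting this to False will permit unauthenticated users to access most areas of NetBox (but not make any changes).
+LOGIN_REQUIRED = True
 
 # The length of time (in seconds) for which a user will remain logged into the web UI before being prompted to
 # re-authenticate. (Default: 1209600 [14 days])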
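Review bot: The new comment above `LOGIN_REQUIRED = True` explains what `False` does but never says that `True` is now the default, whereas the comment two lines below states its default explicitly. Because turning this off exposes most NetBox data to unauthenticated readers, the comment should carry both facts, for example `# Require authentication to access any part of NetBox. (Default: True) Setting this to False will permit` followed by `# unauthenticated users to access most areas of NetBox (but not make any changes).`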
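--- a/netbox/netbox/settings.py
+++ b/netbox/netbox/settings.py
@@ -105,7 +105,7 @@
 LANGUAGE_COOKIE_PATH = CSRF_COOKIE_PATH
 LOGGING = getattr(configuration, 'LOGGING', {})
 LOGIN_PERSISTENCE = getattr(configuration, 'LOGIN_PERSISTENCE', False)
-LOGIN_REQUIRED = getattr(configuration, 'LOGIN_REQUIRED', False)
+LOGIN_REQUIRED = getattr(configuration, 'LOGIN_REQUIRED', True)
 LOGIN_TIMEOUT = getattr(configuration, 'LOGIN_TIMEOUT', None)
 LOGOUT_REDIRECT_URL = getattr(configuration, 'LOGOUT_REDIRECT_URL', 'home')
 MEDIA_ROOT = getattr(configuration, 'MEDIA_ROOT', os.path.join(BASE_DIR, 'media')).rstrip('/')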
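Review bot: The flipped fallback in `getattr(configuration, 'LOGIN_REQUIRED', True)` only reaches deployments whose configuration omits the setting. Any configuration copied from the previous configuration_example.py carries an explicit `LOGIN_REQUIRED = False`, so it will presumably keep serving anonymous readers after the upgrade. Operators may assume the upgrade closed anonymous access when it did not, so the release notes should tell them to check their own configuration file. A short comment on this line would also record the intent, e.g. `# Secure default: anonymous read access must be enabled explicitly with LOGIN_REQUIRED = False`.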
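--- a/netbox/netbox/tests/test_plugins.py
+++ b/netbox/netbox/tests/test_plugins.py
@@ -42,6 +42,7 @@ def test_admin(self):
 url = reverse('admin:dummy_plugin_dummymodel_add')
 self.assertEqual(url, '/admin/dummy_plugin/dummymodel/add/')
 
+@override_settings(LOGIN_REQUIRED=False)
 def test_views(self):
 
 # Test URL resolution
@@ -53,7 +54,7 @@ def test_views(self):
 response = client.get(url)
 self.assertEqual(response.status_code, 200)
 
-@override_settings(EXEMPT_VIEW_PERMISSIONS=['*'])
+@override_settings(EXEMPT_VIEW_PERMISSIONS=['*'], LOGIN_REQUIRED=False)
 def test_api_views(self):
 
 # Test URL resolution
@@ -65,6 +66,7 @@ def test_api_views(self):
 response = client.get(url)
 self.assertEqual(response.status_code, 200)
 
+@override_settings(LOGIN_REQUIRED=False)
 def test_registered_views(self):
 
 # Test URL resolution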
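Review bot: All three touched tests opt out of the new default with `LOGIN_REQUIRED=False`, so nothing in this section asserts what the commit is meant to guarantee: that an unauthenticated request is refused when the setting stays at `True`. The same holds for `test_get_object_anonymous` and `test_list_objects_anonymous` in netbox/utilities/testing/api.py and netbox/utilities/testing/views.py. I would add a counterpart test for each case that keeps the default and asserts the anonymous `client.get(url)` does not return 200. The exact denial status is not visible here; presumably it is a login redirect for UI views and a 403 for the API. The test bodies continue outside the hunks, so coverage elsewhere in the suite may already do this.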
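--- a/netbox/utilities/testing/api.py
+++ b/netbox/utilities/testing/api.py
@@ -73,7 +73,7 @@ class APIViewTestCases:
 
 class GetObjectViewTestCase(APITestCase):
 
-@override_settings(EXEMPT_VIEW_PERMISSIONS=['*'])
+@override_settings(EXEMPT_VIEW_PERMISSIONS=['*'], LOGIN_REQUIRED=False)
 def test_get_object_anonymous(self):
 """
 GET a single object as an unauthenticated user.
@@ -135,7 +135,7 @@ def test_options_object(self):
 class ListObjectsViewTestCase(APITestCase):
 brief_fields = []
 
-@override_settings(EXEMPT_VIEW_PERMISSIONS=['*'])
+@override_settings(EXEMPT_VIEW_PERMISSIONS=['*'], LOGIN_REQUIRED=False)
 def test_list_objects_anonymous(self):
 """
 GET a list of objects as an unauthenticated user.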
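--- a/netbox/utilities/testing/views.py
+++ b/netbox/utilities/testing/views.py
@@ -62,7 +62,7 @@ class GetObjectViewTestCase(ModelViewTestCase):
 """
 Retrieve a single instance.
 """
-@override_settings(EXEMPT_VIEW_PERMISSIONS=['*'])
+@override_settings(EXEMPT_VIEW_PERMISSIONS=['*'], LOGIN_REQUIRED=False)
 def test_get_object_anonymous(self):
 # Make the request as an unauthenticated user
 self.client.logout()
@@ -421,7 +421,7 @@ class ListObjectsViewTestCase(ModelViewTestCase):
 """
 Retrieve multiple instances.
 """
-@override_settings(EXEMPT_VIEW_PERMISSIONS=['*'])
+@override_settings(EXEMPT_VIEW_PERMISSIONS=['*'], LOGIN_REQUIRED=False)
 def test_list_objects_anonymous(self):
 # Make the request as an unauthenticated user
 self.client.logout()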