Closes #16107: Set LOGIN_REQUIRED to True by default (#16122)

* Closes #16107: Set LOGIN_REQUIRED to True by default * Update tests
netbox-community · May 14, 2024 · b8a8db0 · b8a8db0
1 parent b67eda4
commit b8a8db0
Show file tree

Hide file tree

Showing 6 changed files with 15 additions and 11 deletions.
diff --git a/docs/configuration/security.md b/docs/configuration/security.md
@@ -159,9 +159,12 @@ Note that enabling this setting causes NetBox to update a user's session in the
 
 ## LOGIN_REQUIRED
 
-Default: False
+Default: True
+
+When enabled, only authenticated users are permitted to access any part of NetBox. Disabling this will allow unauthenticated users to access most areas of NetBox (but not make any changes).
 
-Setting this to True will permit only authenticated users to access any part of NetBox. By default, anonymous users are permitted to access most data in NetBox but not make any changes.
+!!! info "Changed in NetBox v4.0.2"
+    Prior to NetBox v4.0.2, this setting was disabled by default.
 
 ---
 

diff --git a/netbox/netbox/configuration_example.py b/netbox/netbox/configuration_example.py
@@ -157,9 +157,8 @@
 # authenticated to NetBox indefinitely.
 LOGIN_PERSISTENCE = False
 
-# Setting this to True will permit only authenticated users to access any part of NetBox. By default, anonymous users
-# are permitted to access most data in NetBox but not make any changes.
-LOGIN_REQUIRED = False
+# Setting this to False will permit unauthenticated users to access most areas of NetBox (but not make any changes).
+LOGIN_REQUIRED = True
 
 # The length of time (in seconds) for which a user will remain logged into the web UI before being prompted to
 # re-authenticate. (Default: 1209600 [14 days])

diff --git a/netbox/netbox/settings.py b/netbox/netbox/settings.py
@@ -105,7 +105,7 @@
 LANGUAGE_COOKIE_PATH = CSRF_COOKIE_PATH
 LOGGING = getattr(configuration, 'LOGGING', {})
 LOGIN_PERSISTENCE = getattr(configuration, 'LOGIN_PERSISTENCE', False)
-LOGIN_REQUIRED = getattr(configuration, 'LOGIN_REQUIRED', False)
+LOGIN_REQUIRED = getattr(configuration, 'LOGIN_REQUIRED', True)
 LOGIN_TIMEOUT = getattr(configuration, 'LOGIN_TIMEOUT', None)
 LOGOUT_REDIRECT_URL = getattr(configuration, 'LOGOUT_REDIRECT_URL', 'home')
 MEDIA_ROOT = getattr(configuration, 'MEDIA_ROOT', os.path.join(BASE_DIR, 'media')).rstrip('/')

diff --git a/netbox/netbox/tests/test_plugins.py b/netbox/netbox/tests/test_plugins.py
@@ -42,6 +42,7 @@ def test_admin(self):
         url = reverse('admin:dummy_plugin_dummymodel_add')
         self.assertEqual(url, '/admin/dummy_plugin/dummymodel/add/')
 
+    @override_settings(LOGIN_REQUIRED=False)
     def test_views(self):
 
         # Test URL resolution
@@ -53,7 +54,7 @@ def test_views(self):
         response = client.get(url)
         self.assertEqual(response.status_code, 200)
 
-    @override_settings(EXEMPT_VIEW_PERMISSIONS=['*'])
+    @override_settings(EXEMPT_VIEW_PERMISSIONS=['*'], LOGIN_REQUIRED=False)
     def test_api_views(self):
 
         # Test URL resolution
@@ -65,6 +66,7 @@ def test_api_views(self):
         response = client.get(url)
         self.assertEqual(response.status_code, 200)
 
+    @override_settings(LOGIN_REQUIRED=False)
     def test_registered_views(self):
 
         # Test URL resolution

diff --git a/netbox/utilities/testing/api.py b/netbox/utilities/testing/api.py
@@ -73,7 +73,7 @@ class APIViewTestCases:
 
     class GetObjectViewTestCase(APITestCase):
 
-        @override_settings(EXEMPT_VIEW_PERMISSIONS=['*'])
+        @override_settings(EXEMPT_VIEW_PERMISSIONS=['*'], LOGIN_REQUIRED=False)
         def test_get_object_anonymous(self):
             """
             GET a single object as an unauthenticated user.
@@ -135,7 +135,7 @@ def test_options_object(self):
     class ListObjectsViewTestCase(APITestCase):
         brief_fields = []
 
-        @override_settings(EXEMPT_VIEW_PERMISSIONS=['*'])
+        @override_settings(EXEMPT_VIEW_PERMISSIONS=['*'], LOGIN_REQUIRED=False)
         def test_list_objects_anonymous(self):
             """
             GET a list of objects as an unauthenticated user.

diff --git a/netbox/utilities/testing/views.py b/netbox/utilities/testing/views.py
@@ -62,7 +62,7 @@ class GetObjectViewTestCase(ModelViewTestCase):
         """
         Retrieve a single instance.
         """
-        @override_settings(EXEMPT_VIEW_PERMISSIONS=['*'])
+        @override_settings(EXEMPT_VIEW_PERMISSIONS=['*'], LOGIN_REQUIRED=False)
         def test_get_object_anonymous(self):
             # Make the request as an unauthenticated user
             self.client.logout()
@@ -421,7 +421,7 @@ class ListObjectsViewTestCase(ModelViewTestCase):
         """
         Retrieve multiple instances.
         """
-        @override_settings(EXEMPT_VIEW_PERMISSIONS=['*'])
+        @override_settings(EXEMPT_VIEW_PERMISSIONS=['*'], LOGIN_REQUIRED=False)
         def test_list_objects_anonymous(self):
             # Make the request as an unauthenticated user
             self.client.logout()