views: Allow use of basic auth for bundle mboxes

API clients are going to talk using basic auth. We also need to do this
for bundles. The alternative is to provide another endpoint for bundles
in the API but that seems unnecessary.

Signed-off-by: Stephen Finucane <stephen@that.guru>
Reviewed-by: Andy Doan <andy.doan@linaro.org>

diff --git a/patchwork/views/bundle.py b/patchwork/views/bundle.py
index e7174298dc02261ebff125d7578fccc9f31688ea..95c44ae0ad9d37c5e50121d711cb2a8ee6b9e724 100644 (file)
--- a/patchwork/views/bundle.py
+++ b/patchwork/views/bundle.py
@@ -19,6 +19,7 @@
 
 from __future__ import absolute_import
 
+from django.conf import settings
 from django.contrib.auth.decorators import login_required
 import django.core.urlresolvers
 from django.http import (HttpResponse, HttpResponseRedirect,
@@ -30,6 +31,12 @@ from patchwork.forms import BundleForm, DeleteBundleForm
 from patchwork.models import Patch, Bundle, BundlePatch, Project
 from patchwork.views import generic_list, patch_to_mbox, get_patch_ids
 
+if settings.ENABLE_REST_API:
+    from rest_framework.authentication import BasicAuthentication  # noqa
+    basic_auth = BasicAuthentication()
+else:
+    basic_auth = None
+
 
 @login_required
 def setbundle(request):
@@ -193,7 +200,8 @@ def mbox(request, username, bundlename):
     bundle = get_object_or_404(Bundle, owner__username=username,
                                name=bundlename)
 
-    if not (request.user == bundle.owner or bundle.public):
+    if not (request.user == bundle.owner or bundle.public or
+            (basic_auth and basic_auth.authenticate(request))):
         return HttpResponseNotFound()
 
     mbox = '\n'.join([patch_to_mbox(p).as_string(True)