fix(backend): re-add active plugins to anon status (#10282)

* this was disabled due to wrong feedback by me, common debug tools do not work because of this * patch tests * make mfa test more robust
2025-09-13 06:01:35 +00:00 · 2025-09-08 23:39:25 +02:00
parent b65a3f985d
commit 2c22686520
3 changed files with 19 additions and 10 deletions
--- a/src/backend/InvenTree/InvenTree/api.py
+++ b/src/backend/InvenTree/InvenTree/api.py
@@ -305,8 +305,8 @@ class InfoView(APIView):
                'login_message': helpers.getCustomOption('login_message'),
                'navbar_message': helpers.getCustomOption('navbar_message'),
            },
+            'active_plugins': plugins_info(),
            # Following fields are only available to staff users
-            'active_plugins': plugins_info() if is_staff else None,
            'system_health': check_system_health() if is_staff else None,
            'database': InvenTree.version.inventreeDatabase() if is_staff else None,
            'platform': InvenTree.version.inventreePlatform() if is_staff else None,
--- a/src/backend/InvenTree/InvenTree/test_api.py
+++ b/src/backend/InvenTree/InvenTree/test_api.py
@@ -605,9 +605,7 @@ class GeneralApiTests(InvenTreeAPITestCase):
        response = self.get(url, max_query_count=20)
        data = response.json()
        self.assertEqual(data['database'], None)
-
-        # No active plugin info for anon user
-        self.assertIsNone(data.get('active_plugins'))
+        self.assertIsNotNone(data.get('active_plugins'))

        # Staff
        response = self.get(
--- a/src/backend/InvenTree/users/tests.py
+++ b/src/backend/InvenTree/users/tests.py
@@ -1,5 +1,7 @@
 """Unit tests for the 'users' app."""

+from time import sleep
+
 from django.apps import apps
 from django.contrib.auth.models import Group
 from django.test import TestCase
@@ -349,12 +351,21 @@ class MFALoginTest(InvenTreeAPITestCase):
        response = self.post(login_url, auth_data, expected_code=200)
        self._helper_meta_val(response)

-        # Add MFA
+        # Add MFA - trying in a limited loop in case of timing issues
+        success: bool = False
+        for _ in range(10):
+            try:
                response = self.post(
                    reverse('browser:mfa:manage_totp'),
                    {'code': self.get_topt()},
                    expected_code=200,
                )
+                success = True
+                break
+            except AssertionError:
+                sleep(0.8)
+        self.assertTrue(success, 'Failed to add MFA device')
+
        # There must be a TOTP device now - success
        self.get(reverse('browser:mfa:manage_totp'), expected_code=200)
        self.get(reverse('api-token'), expected_code=200)