clean up urls even more

2025-06-17 12:35:46 +00:00 · 2025-01-10 03:31:37 +01:00
parent 56137d268b
commit 72f89eaf15
3 changed files with 5 additions and 45 deletions
--- a/src/backend/InvenTree/InvenTree/urls.py
+++ b/src/backend/InvenTree/InvenTree/urls.py
@ -94,7 +94,6 @@ apipatterns = [
    path(
        'auth/',
        include([
            path('logout/', users.api.Logout.as_view(), name='api-logout'),
            path(
                'login-redirect/',
                users.api.LoginRedirect.as_view(),
@ -105,10 +104,9 @@ apipatterns = [
                include(
                    (build_urlpatterns(Client.BROWSER), 'headless'), namespace='browser'
                ),
-            ),
+            ),  # Allauth headless logic (only the browser client is included as we only use sessions based auth there)
        ]),
    ),
    path('_allauth/', include('allauth.headless.urls')),
    # Magic login URLs
    path(
        'email/generate/',
@ -122,8 +120,10 @@ apipatterns = [
 backendpatterns = [
-    path('auth/', include('rest_framework.urls', namespace='rest_framework')),
+    path(
-    path('auth/', auth_request),
+        'auth/', include('rest_framework.urls', namespace='rest_framework')
    ),  # Used for (DRF) browsable API auth
    path('auth/', auth_request),  # Used for proxies to check if user is authenticated
    path('api/', include(apipatterns)),
    path('api-doc/', SpectacularRedocView.as_view(url_name='schema'), name='api-doc'),
 ]
--- a/src/backend/InvenTree/users/api.py
+++ b/src/backend/InvenTree/users/api.py
@ -9,7 +9,6 @@ from django.views.decorators.csrf import ensure_csrf_cookie
 from django.views.generic.base import RedirectView
 import structlog
 from drf_spectacular.utils import OpenApiResponse, extend_schema, extend_schema_view
 from rest_framework import exceptions, permissions
 from rest_framework.generics import DestroyAPIView
 from rest_framework.permissions import IsAuthenticated
@ -216,36 +215,6 @@ class GroupList(GroupMixin, ListCreateAPI):
    ordering_fields = ['name']
@extend_schema_view(
    post=extend_schema(
        responses={200: OpenApiResponse(description='User successfully logged out')}
    )
 )
 class Logout(APIView):
    """API view for logging out via API."""
    serializer_class = None
    def post(self, request):
        """Logout the current user.
        Deletes user token associated with request.
        """
        from InvenTree.middleware import get_token_from_request
        if request.user:
            token_key = get_token_from_request(request)
            if token_key:
                try:
                    token = ApiToken.objects.get(key=token_key, user=request.user)
                    token.delete()
                except ApiToken.DoesNotExist:  # pragma: no cover
                    pass
        return super().logout(request)
 class GetAuthToken(APIView):
    """Return authentication token for an authenticated user."""
--- a/src/backend/InvenTree/users/test_api.py
+++ b/src/backend/InvenTree/users/test_api.py
@ -83,15 +83,6 @@ class UserAPITests(InvenTreeAPITestCase):
        self.assertIn('name', response.data)
        self.assertIn('permissions', response.data)
    # def test_logout(self):
    #     """Test api logout endpoint."""
    #     token_key = self.get(url=reverse('api-token')).data['token']
    #     self.client.logout()
    #     self.client.credentials(HTTP_AUTHORIZATION='Token ' + token_key)
    #     self.post(reverse('api-logout'), expected_code=200)
    #     self.get(reverse('api-token'), expected_code=401)
    def test_login_redirect(self):
        """Test login redirect endpoint."""
        response = self.get(reverse('api-login-redirect'), expected_code=302)