From c108fd016d6afd4a2caf9c9abbbba758a1c3bf15 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
 <41898282+github-actions[bot]@users.noreply.github.com>
Date: Tue, 9 Sep 2025 08:25:37 +1000
Subject: [PATCH] fix(backend): re-add active plugins to anon status (#10282)
 (#10295)

* this was disabled due to wrong feedback by me, common debug tools do not work because of this

* patch tests

* make mfa test more robust

(cherry picked from commit 2c22686520a3345394a503c8347a9995cb16363b)

Co-authored-by: Matthias Mair <code@mjmair.com>
---
 src/backend/InvenTree/InvenTree/api.py      |  2 +-
 src/backend/InvenTree/InvenTree/test_api.py |  4 +---
 src/backend/InvenTree/users/tests.py        | 23 +++++++++++++++------
 3 files changed, 19 insertions(+), 10 deletions(-)

diff --git a/src/backend/InvenTree/InvenTree/api.py b/src/backend/InvenTree/InvenTree/api.py
index 24da3d619a..9c49a0f72a 100644
--- a/src/backend/InvenTree/InvenTree/api.py
+++ b/src/backend/InvenTree/InvenTree/api.py
@@ -305,8 +305,8 @@ class InfoView(APIView):
                 'login_message': helpers.getCustomOption('login_message'),
                 'navbar_message': helpers.getCustomOption('navbar_message'),
             },
+            'active_plugins': plugins_info(),
             # Following fields are only available to staff users
-            'active_plugins': plugins_info() if is_staff else None,
             'system_health': check_system_health() if is_staff else None,
             'database': InvenTree.version.inventreeDatabase() if is_staff else None,
             'platform': InvenTree.version.inventreePlatform() if is_staff else None,
diff --git a/src/backend/InvenTree/InvenTree/test_api.py b/src/backend/InvenTree/InvenTree/test_api.py
index 5b4abcefd9..1f9d91b71b 100644
--- a/src/backend/InvenTree/InvenTree/test_api.py
+++ b/src/backend/InvenTree/InvenTree/test_api.py
@@ -605,9 +605,7 @@ class GeneralApiTests(InvenTreeAPITestCase):
         response = self.get(url, max_query_count=20)
         data = response.json()
         self.assertEqual(data['database'], None)
-
-        # No active plugin info for anon user
-        self.assertIsNone(data.get('active_plugins'))
+        self.assertIsNotNone(data.get('active_plugins'))
 
         # Staff
         response = self.get(
diff --git a/src/backend/InvenTree/users/tests.py b/src/backend/InvenTree/users/tests.py
index 41ee59bc2a..914e30c5d5 100644
--- a/src/backend/InvenTree/users/tests.py
+++ b/src/backend/InvenTree/users/tests.py
@@ -1,5 +1,7 @@
 """Unit tests for the 'users' app."""
 
+from time import sleep
+
 from django.apps import apps
 from django.contrib.auth.models import Group
 from django.test import TestCase
@@ -349,12 +351,21 @@ class MFALoginTest(InvenTreeAPITestCase):
         response = self.post(login_url, auth_data, expected_code=200)
         self._helper_meta_val(response)
 
-        # Add MFA
-        response = self.post(
-            reverse('browser:mfa:manage_totp'),
-            {'code': self.get_topt()},
-            expected_code=200,
-        )
+        # Add MFA - trying in a limited loop in case of timing issues
+        success: bool = False
+        for _ in range(10):
+            try:
+                response = self.post(
+                    reverse('browser:mfa:manage_totp'),
+                    {'code': self.get_topt()},
+                    expected_code=200,
+                )
+                success = True
+                break
+            except AssertionError:
+                sleep(0.8)
+        self.assertTrue(success, 'Failed to add MFA device')
+
         # There must be a TOTP device now - success
         self.get(reverse('browser:mfa:manage_totp'), expected_code=200)
         self.get(reverse('api-token'), expected_code=200)