From e7668a7ad7d372466404a7562da379881af00005 Mon Sep 17 00:00:00 2001
From: Igor Ponomarev <igor.ponomarev@collabora.com>
Date: Mon, 4 Jul 2022 15:37:35 +0300
Subject: [PATCH] Disable REQUIRE_LOGIN for `scheduler/internal/v1`

Internal API has its own authentication mechanism that is not
compatible with Django authentication.
---
 lava_server/security.py | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/lava_server/security.py b/lava_server/security.py
index 5a23e0996..b8774a8a4 100644
--- a/lava_server/security.py
+++ b/lava_server/security.py
@@ -28,6 +28,10 @@ class LavaRequireLoginMiddleware:
     HOME_PATH: ClassVar[PurePosixPath] = PurePosixPath("/") / settings.MOUNT_POINT
     LOGIN_PATH: ClassVar[PurePosixPath] = PurePosixPath(settings.LOGIN_URL)
 
+    SCHEDULER_INTERNALS_PATH: ClassVar[PurePosixPath] = (
+        HOME_PATH / "scheduler/internal/v1"
+    )
+
     def __init__(self, get_response):
         self.get_response = get_response
         self.require_login = login_required(get_response)
@@ -40,6 +44,13 @@ class LavaRequireLoginMiddleware:
         if path == cls.LOGIN_PATH:
             return True
 
+        try:
+            cls.SCHEDULER_INTERNALS_PATH.relative_to(path)
+        except ValueError:
+            ...
+        else:
+            return True
+
         return False
 
     @classmethod
-- 
GitLab