Disable the authentication classes for the webhook receivers

One of them was consuming the body of the posts. We do still need to have an extraneous `request.body` expression, though now in WebhookReceiverBase.post, since the `request.data` expression in the logging also consumes the request body.
2026-01-14 19:30:39 -03:30 · 2019-09-06 14:59:26 -04:00 · 2019-09-06 14:59:26 -04:00 · 178a2c7c49
commit 178a2c7c49
parent 58e5f02129
2 changed files with 4 additions and 3 deletions
--- a/awx/api/generics.py
+++ b/awx/api/generics.py
@ -164,9 +164,6 @@ class APIView(views.APIView):
                if custom_header.startswith('HTTP_'):
                    request.environ.pop(custom_header, None)

-        # WTF, FIXME
-        request.body
-
        drf_request = super(APIView, self).initialize_request(request, *args, **kwargs)
        request.drf_request = drf_request
        try:
--- a/awx/api/views/webhooks.py
+++ b/awx/api/views/webhooks.py
@ -51,6 +51,7 @@ class WebhookReceiverBase(APIView):
    lookup_field = 'pk'

    permission_classes = (AllowAny,)
+    authentication_classes = ()

    def get_queryset(self):
        qs_models = {
@ -95,6 +96,9 @@ class WebhookReceiverBase(APIView):

    @csrf_exempt
    def post(self, request, *args, **kwargs):
+        # Ensure that the full contents of the request are captured for multiple uses.
+        request.body
+
        logger.debug(
            "headers: {}\n"
            "data: {}\n".format(request.headers, request.data)