From 178a2c7c495db5a8cc938e0bad803c7f40d56472 Mon Sep 17 00:00:00 2001 From: Jeff Bradberry Date: Fri, 6 Sep 2019 14:59:26 -0400 Subject: [PATCH] Disable the authentication classes for the webhook receivers One of them was consuming the body of the posts. We do still need to have an extraneous `request.body` expression, though now in WebhookReceiverBase.post, since the `request.data` expression in the logging also consumes the request body. --- awx/api/generics.py | 3 --- awx/api/views/webhooks.py | 4 ++++ 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/awx/api/generics.py b/awx/api/generics.py index 952fadf450..be58b057d8 100644 --- a/awx/api/generics.py +++ b/awx/api/generics.py @@ -164,9 +164,6 @@ class APIView(views.APIView): if custom_header.startswith('HTTP_'): request.environ.pop(custom_header, None) - # WTF, FIXME - request.body - drf_request = super(APIView, self).initialize_request(request, *args, **kwargs) request.drf_request = drf_request try: diff --git a/awx/api/views/webhooks.py b/awx/api/views/webhooks.py index 0919414744..bb06361913 100644 --- a/awx/api/views/webhooks.py +++ b/awx/api/views/webhooks.py @@ -51,6 +51,7 @@ class WebhookReceiverBase(APIView): lookup_field = 'pk' permission_classes = (AllowAny,) + authentication_classes = () def get_queryset(self): qs_models = { @@ -95,6 +96,9 @@ class WebhookReceiverBase(APIView): @csrf_exempt def post(self, request, *args, **kwargs): + # Ensure that the full contents of the request are captured for multiple uses. + request.body + logger.debug( "headers: {}\n" "data: {}\n".format(request.headers, request.data)