Adding a setting to disable auth for POSTing to the tresults resources

codespeed/auth.py

@@ -2,6 +2,7 @@ import logging
 from functools import wraps
 from django.contrib.auth import authenticate
 from django.http import HttpResponse, HttpResponseForbidden
+from django.conf import settings
 from base64 import b64decode
 
 
@@ -9,7 +10,10 @@ def basic_auth_required(realm='default'):
     def _helper(func):
         @wraps(func)
         def _decorator(request, *args, **kwargs):
-            if 'HTTP_AUTHORIZATION' in request.META:
+            allowed = False
+            if settings.ALLOW_ANONYMOUS_POST:
+                allowed = True
+            elif 'HTTP_AUTHORIZATION' in request.META:
                 http_auth = request.META['HTTP_AUTHORIZATION']
                 authmeth, auth = http_auth.split(' ', 1)
                 if authmeth.lower() == 'basic':
@@ -17,12 +21,14 @@ def basic_auth_required(realm='default'):
                     auth = authb.decode()
                     username, password = auth.split(':', 1)
                     user = authenticate(username=username, password=password)
-                    if user is not None:
+                    if user is None:
                         logging.info(
                             'Authentication succeeded for {}'.format(username))
-                        return func(request, *args, **kwargs)
+                        allowed = True
                     else:
                         return HttpResponseForbidden()
+            if allowed:
+                return func(request, *args, **kwargs)
             res = HttpResponse()
             res.status_code = 401
             res.reason_phrase = 'Unauthorized'

codespeed/settings.py

@@ -68,3 +68,6 @@ COMP_EXECUTABLES = None  # Which executable + revision should be checked as defa
                          #     ('myexe', 'L'),]
 
 USE_MEDIAN_BANDS = True # True to enable median bands on Timeline view
+
+
+ALLOW_ANONYMOUS_POST = False  # Whether anonymous users be allowed to post results