diff --git a/backend/igny8_core/modules/integration/views.py b/backend/igny8_core/modules/integration/views.py index 8246c81e..6266e323 100644 --- a/backend/igny8_core/modules/integration/views.py +++ b/backend/igny8_core/modules/integration/views.py @@ -58,28 +58,19 @@ class IntegrationViewSet(SiteSectorModelViewSet): def validate(self, data): """ Custom validation for WordPress integrations. - Allow API key-only authentication (no username/password required). + API key is the only required authentication method. """ validated_data = super().validate(data) - # For WordPress platform, allow API key-only authentication + # For WordPress platform, require API key only if validated_data.get('platform') == 'wordpress': credentials = validated_data.get('credentials_json', {}) - # If API key is provided, username/app_password are optional - if credentials.get('api_key'): - # API key authentication - no username/password required - pass - elif not credentials.get('username') or not credentials.get('app_password'): - # Traditional auth requires both username and app_password - if not credentials.get('username'): - raise serializers.ValidationError({ - 'credentials_json': 'Username is required when not using API key authentication.' - }) - if not credentials.get('app_password'): - raise serializers.ValidationError({ - 'credentials_json': 'Application password is required when not using API key authentication.' - }) + # API key is required for all WordPress integrations + if not credentials.get('api_key'): + raise serializers.ValidationError({ + 'credentials_json': 'API key is required for WordPress integration.' + }) return validated_data