salman/igny8
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Require API key for WordPress integration auth

Browse Source 
Updated the WordPress integration validation to require an API key as the sole authentication method, removing support for username and application password authentication.
This commit is contained in:
alorig
2025-11-24 07:45:45 +05:00
parent af6b29b8f8
commit 93923f25aa
1 changed files with 7 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
backend/igny8_core/modules/integration/views.py
View File

@@ -58,28 +58,19 @@ class IntegrationViewSet(SiteSectorModelViewSet):
def validate(self, data):
"""
Custom validation for WordPress integrations.
Allow API key-only authentication (no username/password required).
API key is the only required authentication method.
"""
validated_data = super().validate(data)
# For WordPress platform, allow API key-only authentication
# For WordPress platform, require API key only
if validated_data.get('platform') == 'wordpress':
credentials = validated_data.get('credentials_json', {})
# If API key is provided, username/app_password are optional
if credentials.get('api_key'):
# API key authentication - no username/password required
pass
elif not credentials.get('username') or not credentials.get('app_password'):
# Traditional auth requires both username and app_password
if not credentials.get('username'):
raise serializers.ValidationError({
'credentials_json': 'Username is required when not using API key authentication.'
})
if not credentials.get('app_password'):
raise serializers.ValidationError({
'credentials_json': 'Application password is required when not using API key authentication.'
})
# API key is required for all WordPress integrations
if not credentials.get('api_key'):
raise serializers.ValidationError({
'credentials_json': 'API key is required for WordPress integration.'
})
return validated_data