Auth endpoint updates (#6683)

- Allow CORS requests to /auth/
- Do not redirect

InvenTree/InvenTree/middleware.py

@@ -74,6 +74,7 @@ class AuthRequiredMiddleware(object):
 
         # Is the function exempt from auth requirements?
         path_func = resolve(request.path).func
+
         if getattr(path_func, 'auth_exempt', False) is True:
             return self.get_response(request)
 
@@ -119,7 +120,13 @@ class AuthRequiredMiddleware(object):
                 ]
 
                 # Do not redirect requests to any of these paths
-                paths_ignore = ['/api/', '/js/', '/media/', '/static/']
+                paths_ignore = [
+                    '/api/',
+                    '/auth/',
+                    '/js/',
+                    settings.MEDIA_URL,
+                    settings.STATIC_URL,
+                ]
 
                 if path not in urls and not any(
                     path.startswith(p) for p in paths_ignore

InvenTree/InvenTree/settings.py

@@ -130,6 +130,9 @@ DATA_UPLOAD_MAX_NUMBER_FIELDS = 10000
 # Web URL endpoint for served static files
 STATIC_URL = '/static/'
 
+# Web URL endpoint for served media files
+MEDIA_URL = '/media/'
+
 STATICFILES_DIRS = []
 
 # Translated Template settings
@@ -155,9 +158,6 @@ STATFILES_I18_PROCESSORS = ['InvenTree.context.status_codes']
 # Color Themes Directory
 STATIC_COLOR_THEMES_DIR = STATIC_ROOT.joinpath('css', 'color-themes').resolve()
 
-# Web URL endpoint for served media files
-MEDIA_URL = '/media/'
-
 # Database backup options
 # Ref: https://django-dbbackup.readthedocs.io/en/master/configuration.html
 DBBACKUP_SEND_EMAIL = False
@@ -1058,7 +1058,7 @@ CORS_ALLOW_CREDENTIALS = get_boolean_setting(
 )
 
 # Only allow CORS access to the following URL endpoints
-CORS_URLS_REGEX = r'^/(api|media|static)/.*$'
+CORS_URLS_REGEX = r'^/(api|auth|media|static)/.*$'
 
 CORS_ALLOWED_ORIGINS = get_setting(
     'INVENTREE_CORS_ORIGIN_WHITELIST',