Merge branch 'refs/heads/white/staging' into white/master

Diego Nadares · Diego Nadares · commit aad53820f9c3 · 2025-01-13T09:32:43.000-03:00
diff --git a/CHANGELOG/5.10.1/community.md b/CHANGELOG/5.10.1/community.md
@@ -0,0 +1 @@
+ * [FIX] Fix config endpoint authentication. #7889
diff --git a/CHANGELOG/5.10.1/date.md b/CHANGELOG/5.10.1/date.md
@@ -0,0 +1 @@
+Jan 13th, 2025
diff --git a/RELEASE.md b/RELEASE.md
@@ -1,6 +1,10 @@
 New features in the latest update
 =====================================
 
+5.10.1 [Jan 13th, 2025]:
+---
+ * [FIX] Fix config endpoint authentication. #7889
+
 5.10.0 [Jan 6th, 2025]:
 ---
  * [ADD] CVSS4 data is now included in CSV exports. #7850
diff --git a/faraday/__init__.py b/faraday/__init__.py
@@ -4,4 +4,4 @@
 See the file 'doc/LICENSE' for the license information
 """
 
-__version__ = '5.10.0'
+__version__ = '5.10.1'
diff --git a/faraday/openapi/faraday_swagger.json b/faraday/openapi/faraday_swagger.json
@@ -1,7 +1,7 @@
 {
     "info": {
         "description": "The Faraday REST API enables you to interact with [our server](https://github.com/infobyte/faraday).\nUse this API to interact or integrate with Faraday server. This page documents the REST API, with HTTP response codes and example requests and responses.",
-        "title": "Faraday 5.10.0 API",
+        "title": "Faraday 5.10.1 API",
         "version": "v3"
     },
     "security": [
diff --git a/faraday/server/api/modules/info.py b/faraday/server/api/modules/info.py
@@ -7,6 +7,7 @@
 # Related third party imports
 import flask
 from flask import Blueprint
+from flask_login import current_user
 from marshmallow import Schema
 
 # Local application imports
@@ -57,13 +58,17 @@ def get(self):
             200:
               description: Ok
         """
-        doc = {
-            'ver': f_version,
-            'show_vulns_by_price': DashboardSettings.settings.show_vulns_by_price,
-            'smtp_enabled': False
-        }
-
-        return flask.jsonify(doc)
+        if current_user.is_authenticated:
+            doc = {
+                'ver': f_version,
+                'show_vulns_by_price': DashboardSettings.settings.show_vulns_by_price,
+                'smtp_enabled': False,
+                'sso_enabled': False
+            }
+            return flask.jsonify(doc)
+        return flask.jsonify({'sso_enabled': False})
+
+    get.is_public = True
 
 
 InfoView.register(info_api)
diff --git a/pynixify/packages/faradaysec/default.nix b/pynixify/packages/faradaysec/default.nix
@@ -18,7 +18,7 @@
 
 buildPythonPackage rec {
   pname = "faradaysec";
-  version = "5.10.0";
+  version = "5.10.1";
 
   src = lib.cleanSource ../../..;
 
diff --git a/tests/test_api_info.py b/tests/test_api_info.py
@@ -22,7 +22,11 @@ def test_api_info(self, test_client):
 
     def test_api_config_no_login(self, test_client, session):
         response = test_client.get('config')
-        assert response.status_code == 401
+        keys = ['ver', 'show_vulns_by_price', 'smtp_enabled']
+        assert response.status_code == 200
+        assert response.json['sso_enabled'] is False
+        for key in keys:
+            assert key not in response.json.keys()
 
     @pytest.mark.usefixtures('logged_user')
     def test_get_config(self, test_client):

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+ * [FIX] Fix config endpoint authentication. #7889`
Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,7 @@`
`1`	`1`	`{`
`2`	`2`	`"info": {`
`3`	`3`	`"description": "The Faraday REST API enables you to interact with [our server](https://github.com/infobyte/faraday).\nUse this API to interact or integrate with Faraday server. This page documents the REST API, with HTTP response codes and example requests and responses.",`
`4`		`- "title": "Faraday 5.10.0 API",`
	`4`	`+ "title": "Faraday 5.10.1 API",`
`5`	`5`	`"version": "v3"`
`6`	`6`	`},`
`7`	`7`	`"security": [`