From: Sebastian Wagner <sebastian.wagner@suse.com>
Date: Wed, 21 Feb 2018 14:46:40 +0000 (+0100)
Subject: mgr/dashboard_v2: Also protect `/api`
X-Git-Tag: v13.0.2~84^2~43
X-Git-Url: http://git.apps.os.sepia.ceph.com/?a=commitdiff_plain;h=e346bcaf92f44c934fa08b023d72f0b5538c0855;p=ceph.git

mgr/dashboard_v2: Also protect `/api`

Signed-off-by: Sebastian Wagner <sebastian.wagner@suse.com>
---

diff --git a/src/pybind/mgr/dashboard_v2/module.py b/src/pybind/mgr/dashboard_v2/module.py
index f96692db6f4eb..ce228f33cb9be 100644
--- a/src/pybind/mgr/dashboard_v2/module.py
+++ b/src/pybind/mgr/dashboard_v2/module.py
@@ -158,6 +158,11 @@ class Module(MgrModule):
 
     class ApiRoot(object):
 
+        _cp_config = {
+            'tools.sessions.on': True,
+            'tools.authenticate.on': True
+        }
+
         def __init__(self, mgrmod):
             self.ctrls = load_controllers(mgrmod)
             logger.debug('Loaded controllers: %s', self.ctrls)
diff --git a/src/pybind/mgr/dashboard_v2/tests/test_auth.py b/src/pybind/mgr/dashboard_v2/tests/test_auth.py
index 63000ac206077..e0ad2265fed87 100644
--- a/src/pybind/mgr/dashboard_v2/tests/test_auth.py
+++ b/src/pybind/mgr/dashboard_v2/tests/test_auth.py
@@ -72,3 +72,5 @@ class AuthTest(ControllerTestCase):
     def test_unauthorized(self):
         self._get("/api/host")
         self.assertStatus(401)
+        self._get("/api")
+        self.assertStatus(401)