netbox-community · arthanson · Aug 15, 2025 · Aug 7, 2025 · Aug 11, 2025 · Aug 11, 2025
diff --git a/netbox/netbox/views/misc.py b/netbox/netbox/views/misc.py
@@ -20,7 +20,7 @@
 from netbox.tables import SearchTable
 from utilities.htmx import htmx_partial
 from utilities.paginator import EnhancedPaginator, get_paginate_count
-from utilities.views import ConditionalLoginRequiredMixin
+from utilities.views import ConditionalLoginRequiredMixin, TokenConditionalLoginRequiredMixin
 
 __all__ = (
     'HomeView',
@@ -119,7 +119,7 @@ def get(self, request):
         })
 
 
-class MediaView(ConditionalLoginRequiredMixin, View):
+class MediaView(TokenConditionalLoginRequiredMixin, View):
     """
     Wrap Django's serve() view to enforce LOGIN_REQUIRED for static media.
     """

diff --git a/netbox/utilities/views.py b/netbox/utilities/views.py
@@ -7,6 +7,7 @@
 from django.urls.exceptions import NoReverseMatch
 from django.utils.translation import gettext_lazy as _
 
+from netbox.api.authentication import TokenAuthentication
 from netbox.plugins import PluginConfig
 from netbox.registry import registry
 from utilities.relations import get_related_models
@@ -19,6 +20,7 @@
     'GetRelatedModelsMixin',
     'GetReturnURLMixin',
     'ObjectPermissionRequiredMixin',
+    'TokenConditionalLoginRequiredMixin',
     'ViewTab',
     'get_viewname',
     'register_model_view',
@@ -39,6 +41,19 @@ def dispatch(self, request, *args, **kwargs):
         return super().dispatch(request, *args, **kwargs)
 
 
+class TokenConditionalLoginRequiredMixin(ConditionalLoginRequiredMixin):
+    def dispatch(self, request, *args, **kwargs):
+        # Attempt to authenticate the user using a DRF token, if provided
+        if settings.LOGIN_REQUIRED and not request.user.is_authenticated:
+            authenticator = TokenAuthentication()
+            auth_info = authenticator.authenticate(request)
+            if auth_info is not None:
+                request.user = auth_info[0]  # User object
+                request.auth = auth_info[1]
+
+        return super().dispatch(request, *args, **kwargs)
+
+
 class ContentTypePermissionRequiredMixin(ConditionalLoginRequiredMixin):
     """
     Similar to Django's built-in PermissionRequiredMixin, but extended to check model-level permission assignments.